Hey guys,

I've been googling the difference between a digital signature and a digital certificate (asymmetric encryption); it seems like they are the same. I would like to clarify whether they are the same or not. Many thanks!!!

+3  A: 

From Wikipedia (emphases mine):

A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery and tampering.

and

In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.

So if I understand the above correctly, a digital signature just proves that a document hasn't been tampered with, whereas a digital certificate proves that the document actually came from you.

R0MANARMY
+1 That's my understanding of it
David Relihan
Oh, thanks for a very nice summary!
Bugzy bug
+1  A: 

Conceptually they are kind of opposites. With a digital certificate you encrypt with the public key and decrypt with the private key; that way you can ensure only the person with the private key can read your text. With a digital signature you encrypt with the private key and decrypt with the public key; that way anyone can decrypt, but only the person with the private key can encrypt, so you know the message has come from the person with the private key.

Ben Robinson
Thank you very much for your answer!!!! My understanding was wrong :) Thank you!!
Bugzy bug
+4  A: 

A digital signature is used to verify a message. It is basically an encrypted hash of the message. The recipient can check if the message was tampered with by hashing the received message and comparing this value with the decrypted signature.

To decrypt the signature, the corresponding public key is required. A digital certificate is used to bind public keys to persons or other entities. If there were no certificates, the signature could easily be forged, as the recipient could not check whether the public key belongs to the sender.

The certificate itself is signed by a trusted third party, a Certificate Authority like VeriSign.

king_nak
Thank you very much for the reply! It helped a loooooot!
Bugzy bug
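The two concepts from the accepted answer above, as an added example in Go's standard library (not code from the page or any of its posters): `Sign`/`Verify` is the digital signature (a signed SHA-256 hash of the message), and `IssueCert`/`ChainsTo` is the digital certificate, where a CA's own signature binds a public key to a name so the recipient can trust that key. All function names are mine; the certificate fields used are the minimum Go's verifier needs.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Sign hashes msg with SHA-256 and signs the digest with the private key: the "encrypted hash".
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}

// Verify re-hashes msg and checks it against sig with the sender's public key; any change makes it false.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// IssueCert has caKey sign a certificate binding name to pub; parent == nil yields a self-signed CA root.
func IssueCert(parent *x509.Certificate, caKey *rsa.PrivateKey, name string, pub *rsa.PublicKey) (*x509.Certificate, error) {
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil { // self-signed: the CA vouches for its own key
		tmpl.IsCA, tmpl.BasicConstraintsValid, parent = true, true, tmpl
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// ChainsTo reports whether cert was issued by the trusted root, i.e. whether the recipient
// may believe the public key inside cert belongs to its named subject.
func ChainsTo(cert, root *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots})
	return err == nil
}
```

A recipient runs both checks: `Verify` with the key taken from the sender's certificate shows the message is intact, and `ChainsTo` against a CA it already trusts shows that key really belongs to the claimed sender; a certificate from an unknown CA fails the second check even though the signature on it is mathematically valid.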