Although digital signatures and digital certificates differ in their functionality, they both serve the purpose of secure communication across computer networks. Together, they cater to four principal security functions in information and communications technology: confidentiality--keeping information sent over the Internet private; integrity--ensuring that the message transmitted is not maliciously altered; authentication--verifying the identity of the sender; and non-repudiation--ensuring that people cannot refute the validity of data generated.
The aim of digital signatures is to verify the integrity of the transmitted message by verifying the identity of the sender. They ensure the confidentiality of the information transmitted by employing an algorithm to encode the message transmitted over computer networks. The digital signature is appended to the message by using a "private key." The message is then transmitted to the recipient in a scrambled version, and the recipient can decrypt the message received by using a corresponding "public key" that verifies the integrity of the received message and the identity of its sender.
Public Key Infrastructure
The public key infrastructure (PKI) employs basic cryptography to scramble a message in transit, while allowing the recipient to decrypt it. The PKI is the system that enables the exchange of private and public keys and authenticates digital signatures. Public key encryption entails a pair of asymmetric keys consisting of a private key and a public key. The public key is distributed to all recipients, whereas the private key is kept private. Information that is encrypted with the private key can only be decrypted with the public key. Alternatively, information encrypted with the public key needs to be decrypted with the private key.
Digital certificates are issued and signed by an authorized Certificate Authority, like VeriSign. Digital certificates are digital documents that verify that both the "private key" and the "public key" used to authenticate the sender and verify the integrity of a transmitted message are genuine and approved by a Certificate Authority. The role of the digital certificate is to safeguard the security and reliability of digital signatures, since without a digital certificate, a digital signature can easily be faked. A digital certificate corresponds to a company's or individual's proof of identity.
A certificate authority supplies companies with approved digital certificates and authenticates all digital certificates that are used to authenticate the sender of a message. The certificate authority also manages all public keys throughout their life cycle and guarantees the identity of individuals and organizations.
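The way a certificate backs up a signature, as described above, shown as an added example that is not part of the original article: a Python toy using textbook RSA built from Mersenne primes with no padding, which is insecure and for illustration only. The names `alice` and `mallory`, the `subject|public key` certificate layout and the sample message are assumptions made for the example.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def keypair(a, b):
    """Toy RSA key from Mersenne primes 2**a-1 and 2**b-1 (constructed, insecure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"pub": p * q, "priv": (p * q, pow(E, -1, (p - 1) * (q - 1)))}

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, data):
    n, d = priv
    return pow(digest(data), d, n)           # only the private-key holder can do this

def verify(pub, data, sig):
    return pow(sig, E, pub) == digest(data)  # anyone with the public key can check

def cert_body(subject, pub):
    return f"{subject}|{pub}".encode()

def issue_cert(ca_priv, subject, pub):
    """The CA binds a name to a public key by signing both together."""
    return {"subject": subject, "pub": pub, "ca_sig": sign(ca_priv, cert_body(subject, pub))}

def check_message(ca_pub, cert, sender, message, sig):
    if not verify(ca_pub, cert_body(cert["subject"], cert["pub"]), cert["ca_sig"]):
        return "reject: certificate not signed by the trusted CA"
    if cert["subject"] != sender:
        return "reject: certificate names a different subject"
    if not verify(cert["pub"], message, sig):
        return "reject: message altered or signed with another key"
    return "accept"

CA, ALICE, MALLORY = keypair(1279, 2203), keypair(521, 607), keypair(2281, 3217)

def demo():
    msg = b"Pay invoice 1001"  # constructed sample message
    cert = issue_cert(CA["priv"], "alice", ALICE["pub"])
    sig = sign(ALICE["priv"], msg)
    # Mallory has a working key pair but no CA-issued certificate for "alice".
    fake = issue_cert(MALLORY["priv"], "alice", MALLORY["pub"])
    return {
        "genuine": check_message(CA["pub"], cert, "alice", msg, sig),
        "tampered": check_message(CA["pub"], cert, "alice", b"Pay invoice 9999", sig),
        "impostor": check_message(CA["pub"], fake, "alice", msg, sign(MALLORY["priv"], msg)),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The impostor's signature verifies correctly under the impostor's own public key, so the recipient rejects it only because the CA never signed that key for the name `alice`.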