Although digital signatures and digital certificates differ in their functionality, they both serve the purpose of secure communication across computer networks. Together, they cater to four principal security functions in information and communications technology: confidentiality--keeping information sent over the Internet private; integrity--ensuring that the message transmitted is not maliciously altered; authentication--verifying the identity of the sender; and non-repudiation--ensuring that people cannot refute the validity of data generated.
The aim of digital signatures is to verify the integrity of the transmitted message by verifying the identity of the sender. They ensure the confidentiality of the information transmitted by employing an algorithm to encode the message transmitted over computer networks. The digital signature is appended to the message by using a "private key." The message is then transmitted to the recipient in a scrambled version, and the recipient can decrypt the message received by using a corresponding "public key" that verifies the integrity of the received message and the identity of its sender.
Public Key Infrastructure
The public key infrastructure (PKI) employs basic cryptography to scramble a message in transit, while allowing the recipient to decrypt it. The PKI is the system than enables the exchange of private and public keys and authenticates digital signatures. Public key encryption entails a pair of asymmetric keys consisting of a private key and a public key. The public key is distributed to all recipients, whereas the private key is kept private. Information that is encrypted with the private key can only be decrypted with the public key. Alternatively, information encrypted with the public key needs to be decrypted with the private key.
Digital certificates are issued and signed by an authorized Certificate Authority, like VeriSign. Digital certificates are digital documents that verify that both the "private key" and the "public key" used to authenticate the sender and verify the integrity of a transmitted message are genuine and approved by a Certificate Authority. The role of the digital certificate is to safeguard the security and reliability of digital signatures, since without a digital certificate, a digital signature can easily be faked. A digital certificate corresponds to a company's or individual's proof of identity.
A certificate authority supplies companies with approved digital certificates and authenticates all digital certificates that are used to authenticate the sender of a message. The certificate authority also handles all public keys used throughout their life-cycle and guarantees the identity of individuals and organizations.
- Photo Credit Chad Baker/Photodisc/Getty Images
What Is the Difference Between Certified Mail & a Certificate of Mailing?
Certified mail or certificate of mailing? To make the right choice for your item, you need to know the difference between the...
How to Create Digital Certificates
Digital certificates are usually purchased through a certificate authority. These authorities are generally considered to be trusted third parties. A certificate you...
How to Create a Digital Signature Certificate
In order to do business, attract visitors or serve your clients on the Internet, you can establish your validity and credentials through...