Digital signatures
A digital signature or
digital signature scheme is a mathematical scheme for demonstrating the
authenticity of a digital message or document. A valid digital signature gives
a recipient reason to believe that the message was created by a known sender
such that they cannot deny sending it (authentication and non-repudiation) and that
the message was not altered in transit (integrity). Digital signatures are
commonly used for software distribution, financial transactions, and in other
cases where it is important to detect forgery or tampering.

A digital signature (NOT a digital certificate) is an electronic signature that
can be used to authenticate the identity of the sender of a message or the
signer of a document, and possibly to ensure that the original content of the
message or document that has been sent is unchanged. Digital signatures are
easily transportable, cannot be imitated by someone else, and can be
automatically time-stamped. The ability to ensure that the original signed
message arrived means that the sender cannot easily repudiate it later.

A digital signature can be used with any kind of message, whether it is encrypted
or not, simply so that the receiver can be sure of the sender's identity and
that the message arrived intact. A digital certificate contains the digital
signature of the certificate-issuing authority so that anyone can verify that
the certificate is real.

Digital certificate
A digital certificate is an attachment to an electronic message used for security purposes. The most common
use of a digital certificate is to verify that a user sending a message is who
he or she claims to be, and to provide the receiver with the means to encode a
reply.

An individual wishing to send an encrypted message applies for a digital
certificate from a Certificate Authority (CA). The CA issues an encrypted
digital certificate containing the applicant's public key and a variety of
other identification information. The CA makes its own public key readily
available through print publicity or perhaps on the Internet.

The recipient of an encrypted message uses the CA's public key to decode the
digital certificate attached to the message, verifies it as issued by the CA
and then obtains the sender's public key and identification information held
within the certificate. With this information, the recipient can send an
encrypted reply. The most widely used standard for digital certificates is
X.509.
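
The verification chain described above, as an added example that is not part of the original page: a CA signs a certificate binding a name to a public key, and the recipient checks the CA's signature on the certificate before using the certified key to check the message signature. It uses unpadded textbook RSA in standard-library Python with constructed toy keys; the certificate layout, the names and the helper functions are assumptions for illustration and are not X.509.

```python
import hashlib
import json

E = 65537  # public exponent used by both constructed keys

def make_key(p, q):
    """Build a textbook-RSA key pair (public, private) from two primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, private):
    n, d = private
    return pow(digest(data), d, n)  # only the private-key holder can compute this

def verify(data, sig, public):
    n, e = public
    return pow(sig, e, n) == digest(data)  # anyone with the public key can check

def issue_certificate(subject, subject_pub, ca_private):
    """CA binds an identity to a public key by signing both together."""
    body = json.dumps({"subject": subject, "public_key": subject_pub}).encode()
    return {"body": body, "ca_signature": sign(body, ca_private)}

def check_message(message, sig, cert, ca_public):
    """Recipient side: return the verified sender name, or None on any failure."""
    if not verify(cert["body"], cert["ca_signature"], ca_public):
        return None  # certificate was not issued by the trusted CA
    fields = json.loads(cert["body"])
    if not verify(message, sig, tuple(fields["public_key"])):
        return None  # message altered, or signed with a different key
    return fields["subject"]

# Constructed toy keys from well-known Mersenne primes: illustration only, not secure.
CA_PUB, CA_PRIV = make_key(2**607 - 1, 2**89 - 1)
ALICE_PUB, ALICE_PRIV = make_key(2**521 - 1, 2**127 - 1)
CERT = issue_certificate("alice@example.test", ALICE_PUB, CA_PRIV)
MSG = b"pay 100 to bob"
SIG = sign(MSG, ALICE_PRIV)

if __name__ == "__main__":
    print(check_message(MSG, SIG, CERT, CA_PUB))                # genuine message
    print(check_message(b"pay 900 to bob", SIG, CERT, CA_PUB))  # altered in transit
    forged = issue_certificate("alice@example.test", ALICE_PUB, ALICE_PRIV)
    print(check_message(MSG, SIG, forged, CA_PUB))              # cert not signed by the CA
```

Production systems use a vetted library with a padded signature scheme and real X.509 parsing rather than raw modular exponentiation.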