Digital Signatures versus Certificates and Encryption
Digital signatures are different from digital certificates, and both are different from encrypted email. It is important to differentiate among these three separate applications of public key algorithms, because each solves a different problem: a signature shows who sent a message and that it has not been altered, a certificate shows who owns a public key, and encrypted email keeps the content private.
A digital signature starts with a special "one-way" hashing algorithm that condenses the message into a fixed-length hash code. This code is also called a "message digest." The sender then signs the digest with the sender's private key (for RSA this step is often described loosely as "encrypting the digest with the private key"); the result is the digital signature, which is sent along with the unchanged message. The recipient of the transmission must first have the sender's public key, usually obtained from a certificate. The recipient recomputes the digest over the received message and uses the sender's public key to check that the signature matches that digest. If a single bit of the message changed in transit, or if the signature was made with some other private key, the check fails. A digital
signature therefore authenticates the origin of a message and protects its integrity. It does not encrypt information: the message itself travels in the clear.
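The sign-and-verify steps described above, as an added example in Go that is not part of the original text. The choice of SHA-256, RSA-PSS and a 2048-bit key is an assumption for illustration (the text names no particular hash or signature scheme), and the key pairs and the message are constructed here, not real data:

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// signMessage computes the SHA-256 message digest and signs that digest with
// the sender's private key (RSA-PSS). Only the digest is signed; the message
// itself is neither hidden nor contained in the signature.
func signMessage(senderPriv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
}

// verifyMessage recomputes the digest over the received message and checks the
// signature with the sender's public key. It reports true only when the message
// is byte-for-byte what was signed and the signature was produced by the
// private key that matches senderPub.
func verifyMessage(senderPub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	// Constructed example: a fresh key pair stands in for the sender's
	// long-term key, and the message is sample data, not a real transaction.
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Fatal(err)
	}
	msg := []byte("Transfer 100 EUR to account 123")

	sig, err := signMessage(sender, msg)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("genuine message verifies:", verifyMessage(&sender.PublicKey, msg, sig))

	// Integrity: change one character and the recomputed digest no longer matches.
	tampered := []byte("Transfer 900 EUR to account 123")
	fmt.Println("tampered message verifies:", verifyMessage(&sender.PublicKey, tampered, sig))

	// Origin: a signature made with a different private key does not verify either.
	impostor, _ := rsa.GenerateKey(rand.Reader, 2048)
	forged, _ := signMessage(impostor, msg)
	fmt.Println("impostor's signature verifies:", verifyMessage(&sender.PublicKey, msg, forged))

	// Confidentiality: none. The plaintext is sent next to its signature.
	fmt.Printf("on the wire: %q plus a %d-byte signature\n", msg, len(sig))
}
```

Note that verification recomputes the digest from the received message rather than "decrypting" anything out of the signature; the signature is a fixed-size value (the RSA modulus size, 256 bytes for a 2048-bit key) regardless of how long the message is.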
A digital certificate, on the other hand, is a public key bound to an identity (for a web server, its DNS name) and digitally signed by a trusted third party, the certificate authority (CA). When clients visit the secure section of your e-commerce site, the server presents its CA-signed certificate; the browser verifies that the signature was made by a CA it trusts, that the certificate names the site being visited and that it is still within its validity period, and only then does the transaction continue. The certificate's public key is then used to authenticate the server and to establish a session key, and the remainder of the session is encrypted.
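The browser-side check described above, as an added example in Go using the standard library's X.509 support; it is not code from the original text. The CA name "Example Root CA", the host name shop.example, the 24-hour validity period and the use of RSA keys are all assumptions for illustration, and both certificates are constructed in memory rather than obtained from a real CA:

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"log"
	"math/big"
	"time"
)

// newCA creates a self-signed CA certificate: the CA's own public key, signed
// with the CA's own private key. Clients are configured to trust this one.
func newCA(name string) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueServerCert binds a web server's public key to its DNS name by having
// the CA sign that binding. The server's private key never leaves the server.
func issueServerCert(ca *x509.Certificate, caKey *rsa.PrivateKey, host string) (*x509.Certificate, *rsa.PrivateKey, error) {
	serverKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &serverKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, serverKey, err
}

// verifyServerCert is the browser's side: the presented certificate must chain
// to a trusted CA and must name the host the client intended to reach.
func verifyServerCert(presented, trustedCA *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := presented.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	// Constructed example: "Example Root CA" and shop.example are placeholders.
	ca, caKey, err := newCA("Example Root CA")
	if err != nil {
		log.Fatal(err)
	}
	shopCert, _, err := issueServerCert(ca, caKey, "shop.example")
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("trusted CA, right host:", verifyServerCert(shopCert, ca, "shop.example"))
	fmt.Println("trusted CA, wrong host:", verifyServerCert(shopCert, ca, "bank.example"))

	// A certificate from a CA the client does not trust is correctly signed by
	// that CA, but verification still fails because the chain ends nowhere trusted.
	rogueCA, rogueKey, _ := newCA("Rogue CA")
	rogueCert, _, _ := issueServerCert(rogueCA, rogueKey, "shop.example")
	fmt.Println("untrusted CA, right host:", verifyServerCert(rogueCert, ca, "shop.example"))
}
```

The two failing cases are the ones that matter in practice: a valid signature from the wrong CA, and a valid certificate for a different host name. Both pass a naive "is the signature good?" check and are rejected only because the verifier also checks the trust anchor and the name.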
Encrypting email between one party and another combines the two: the sender digitally signs the message, encrypts the signed message with a freshly generated symmetric key, and then encrypts that symmetric key with the recipient's public key. Public key algorithms are slow and can only handle short inputs, so they protect the symmetric key rather than the email text itself. The recipient uses the private key to recover the symmetric key, decrypts the email text with it, and then verifies the signature with the sender's public key.
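The sign-then-encrypt exchange described above, written out for both sides as an added example in Go; it is not code from the original text and does not implement any particular email standard. The concrete choices (RSA-PSS for the signature, AES-256-GCM for the text, RSA-OAEP to wrap the symmetric key, a signature-then-text layout inside the ciphertext) and the names Alice, Bob and Eve are assumptions for illustration, and all keys and the message are constructed here:

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SealedMail is what travels over the network: the per-message symmetric key
// wrapped for the recipient, the GCM nonce, and the ciphertext of (signature || text).
type SealedMail struct {
	WrappedKey []byte // random AES-256 key, RSA-OAEP encrypted to the recipient
	Nonce      []byte
	Ciphertext []byte
}

// newGCM builds an AES-GCM cipher (encryption plus integrity tag) for a 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealMail signs the text with the sender's private key, encrypts signature and text
// together under a fresh symmetric key, then wraps that key with the recipient's public key.
func sealMail(senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey, text []byte) (*SealedMail, error) {
	digest := sha256.Sum256(text)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	// One random draw yields the per-message AES-256 key and the 12-byte GCM nonce.
	kn := make([]byte, 32+12)
	if _, err := rand.Read(kn); err != nil {
		return nil, err
	}
	key, nonce := kn[:32], kn[32:]
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil)
	if err != nil {
		return nil, err
	}
	// Signature first: its length is fixed (the RSA modulus size), so the
	// recipient can split the two parts without a separate length field.
	body := append(append([]byte{}, sig...), text...)
	return &SealedMail{WrappedKey: wrapped, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, body, nil)}, nil
}

// openMail reverses the steps: unwrap the symmetric key with the recipient's
// private key, decrypt, then verify the signature with the sender's public key.
func openMail(recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey, m *SealedMail) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, m.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap key (not the intended recipient): %w", err)
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	body, err := aead.Open(nil, m.Nonce, m.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("ciphertext rejected (tampered or wrong key): %w", err)
	}
	sigLen := senderPub.Size()
	if len(body) < sigLen {
		return nil, fmt.Errorf("decrypted body too short to hold a %d-byte signature", sigLen)
	}
	sig, text := body[:sigLen], body[sigLen:]
	digest := sha256.Sum256(text)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	return text, nil
}

func main() {
	// Constructed example: fresh key pairs stand in for Alice's and Bob's long-term keys.
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	sealed, err := sealMail(alice, &bob.PublicKey, []byte("Meet at 10:00, room 4B."))
	if err != nil {
		panic(err)
	}
	text, err := openMail(bob, &alice.PublicKey, sealed)
	fmt.Printf("bob reads: %q, err=%v\n", text, err)
	eve, _ := rsa.GenerateKey(rand.Reader, 2048) // holds the ciphertext but not bob's private key
	_, err = openMail(eve, &alice.PublicKey, sealed)
	fmt.Println("eve reads:", err)
}
```

Two points the paragraph does not spell out are visible here: only the 32-byte symmetric key ever goes through the public key algorithm, and the recipient learns nothing about the sender until after decryption, which is why the signature check comes last on the receiving side.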
Digital signature: Use of a one-way hash algorithm together with the signer's private key to provide a verifiable stamp of approval on an electronic document or network transmission. Anyone holding the matching public key can check the stamp; only the holder of the private key can produce it.
Public key algorithm: An algorithm built on a key pair. The first half of the pair, the private key, stays secret with its owner. The second half, the public key, is freely distributed. What is signed with the private key can be verified with the public key, and what is encrypted with the public key can be decrypted only with the private key. Digital certificates and signatures use this form of algorithm.