What is the difference between a digital signature and a digital certificate?

A digital signature is used to verify a message. It is basically an encrypted hash (encrypted by the private key of the sender) of the message. The recipient can check if the message was tampered with by hashing the received message and comparing this value with the decrypted signature.

To decrypt the signature, the corresponding public key is required. A digital certificate is used to bind public keys to persons or other entities. If there were no certificates, the signature could easily be forged, as the recipient could not check if the public key belongs to the sender.

The certificate itself is signed by a trusted third party, a Certificate Authority like VeriSign.


Let me expand on Ashley's explanation. As with all things crypto, assume Alice (sender) wants to send a secure message to Bob (recipient).

There are two problems to solve here.

  1. How to encrypt the message so only Bob can decrypt it.
  2. How can Bob be sure the message is from Alice in the first place and not modified by someone in transit.

Both of these problems can be solved with public key cryptography. For (1), Alice encrypts the message with Bob's public key. When Bob receives the message, he can securely decrypt it with his private key. So encrypt with Bob's public key and decrypt with Bob's private key (this is basic stuff in public key crypto).

To solve (2), Alice also sends a digital signature along with the encrypted message. This is done as follows:

  • Pass the original message through a hash function (like SHA-1) to get a message digest
  • Encrypt this message digest with Alice's private key (note this is the opposite of how the original message is encrypted with Bob's public key)

When Bob receives the message + digital signature, he will:

  • Decrypt the message with his private key and then calculate its message digest. Let's call this digest M1.
  • Decrypt the signature with Alice's public key to get the message digest. Let's call this M2.
  • If M1 and M2 are the same, Bob can be certain that the message was not modified in transit and that indeed it is from Alice.

As for digital certificates, notice that Alice relies on encrypting the original message with Bob's public key and Bob relies on Alice's public key to decrypt the signature. How can both of them be sure of each other's public key? That's what digital certificates are for. It allows a trusted third party to verify/say "Alice's public key is xyz".


The clearest explanation for me is available at RSA Laboratories:

Digital signature: Suppose Alice wants to send a signed document or message to Bob. The first step is generally to apply a hash function to the message, creating what is called a message digest. The message digest is usually considerably shorter than the original message. In fact, the job of the hash function is to take a message of arbitrary length and shrink it down to a fixed length. To create a digital signature, one usually signs (encrypts) the message digest as opposed to the message itself.

...

Alice sends Bob the encrypted message digest and the message, which she may or may not encrypt. In order for Bob to authenticate the signature he must apply the same hash function as Alice to the message she sent him, decrypt the encrypted message digest using Alice's public key and compare the two. If the two are the same he has successfully authenticated the signature. If the two do not match there are a few possible explanations. Either someone is trying to impersonate Alice, the message itself has been altered since Alice signed it or an error occurred during transmission.

...

Digital certificate: In addition, someone could pretend to be Alice and sign documents with a key pair he claims is Alice's. To avoid scenarios such as this, there are digital documents called certificates that associate a person with a specific public key.

These quotes are from RSA labs at http://www.rsa.com/rsalabs/node.asp?id=2182 and http://www.rsa.com/rsalabs/node.asp?id=2277
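
The hash-then-sign steps and the certificate check described in the answers above, as an added example that is not part of any answer on this page. It uses textbook RSA without padding over fixed Mersenne primes (constructed, trivially factorable toy keys) and SHA-256 as the hash; the function names and the certificate layout are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def keypair(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1 (constructed, insecure)."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)              # (public, private)

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private, data):
    n, d = private
    return pow(digest(data), d, n)     # "encrypt the digest with the private key"

def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == digest(data)  # M2 == M1

def cert_body(name, public):
    return f"{name}|{public[0]}|{public[1]}".encode()

def issue_cert(issuer_private, name, public):
    # Hypothetical certificate layout: a name, a public key, the issuer's signature.
    return {"name": name, "public": public,
            "ca_sig": sign(issuer_private, cert_body(name, public))}

def verify_from(ca_public, cert, claimed_name, data, signature):
    """Bob's full check: the CA vouches for the key, then the key verifies the message."""
    body = cert_body(cert["name"], cert["public"])
    if cert["name"] != claimed_name or not verify(ca_public, body, cert["ca_sig"]):
        return False
    return verify(cert["public"], data, signature)

def demo():
    ca_pub, ca_priv = keypair(607, 1279)
    alice_pub, alice_priv = keypair(127, 521)
    mallory_pub, mallory_priv = keypair(2203, 2281)
    alice_cert = issue_cert(ca_priv, "Alice", alice_pub)
    msg, sig = b"Pay Bob 10", sign(alice_priv, b"Pay Bob 10")
    forged_sig = sign(mallory_priv, msg)
    forged_cert = issue_cert(mallory_priv, "Alice", mallory_pub)  # not issued by the CA
    return {"genuine": verify_from(ca_pub, alice_cert, "Alice", msg, sig),
            "tampered": verify_from(ca_pub, alice_cert, "Alice", b"Pay Bob 1000", sig),
            "signature_alone": verify(mallory_pub, msg, forged_sig),
            "forged_cert": verify_from(ca_pub, forged_cert, "Alice", msg, forged_sig)}
```

The `signature_alone` result is the case certificates exist for: the signature is mathematically valid under the key that came with it, and only the CA-signed binding of name to key lets Bob reject it.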