Source: https://www.fir3net.com/Security/Concepts-and-Terminology/digital-certificates-vs-digital-signatures.html

Digital Signatures

A Digital Signature is a method to ensure data authenticity. A digital signature is created by generating a hash (message digest) against the data and then encrypting this digest using the cryptography (public or private) key. This signature is then appended to the data.

Once the recipient has received the data + signature they generate a hash against the data, as well as decrypting the signature using their cryptography (public or private) key. These digests are then compared to ensure data authenticity.

Digital Certificates

A Digital certificate is a form of electronic credentials. Digital certificates are issued by a Certification Authority (CA) and are used to encrypt and sign digital information. Digital Certificates typically contain the Owner’s public key/name, expiration date of the public key, Name of the issuer (CA), Serial number and the Digital signature of the issuer (CA).

Reference : http://www.pgpi.org/doc/pgpintro/#p12

Advertisements