what is the difference between digital signature and digital certificate?
i've been google'ing the difference between digital signature and digital certificate (asymmetric encryption) seems like they are the same. I would like to clarify if they are the same or not? many thanks!!!
Answer
A digital signature is used to verify a message. It is basically an encrypted hash (encrypted by the private key of the sender) of the message. The recipient can check if the message was tampered with by hashing the received message and comparing this value with the decrypted signature.
To decrypt the signature, the corresponding public key is required. A digital certificate is used to bind public keys to persons or other entities. If there were no certificates, the signature could be easily be forged, as the recipient could not check if the public key belongs to the sender.
The certificate itself is signed by a trusted third party, a Certificate Authority like VeriSign.