What is the difference between a digital signature and a digital certificate?

Bugzy bug · May 21, 2010 · Viewed 71k times

I've been googling the difference between a digital signature and a digital certificate (asymmetric encryption), and it seems like they are the same. I would like to clarify whether they are the same or not. Many thanks!

Answer

king_nak · May 21, 2010

A digital signature is used to verify a message. It is basically an encrypted hash (encrypted by the private key of the sender) of the message. The recipient can check if the message was tampered with by hashing the received message and comparing this value with the decrypted signature.

To decrypt the signature, the corresponding public key is required. A digital certificate is used to bind public keys to persons or other entities. If there were no certificates, the signature could easily be forged, as the recipient could not check if the public key belongs to the sender.

The certificate itself is signed by a trusted third party, a Certificate Authority like VeriSign.
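The distinction described in the answer above, as an added example that is not part of the original answer: a signature alone verifies under whatever key the recipient is handed, and only the certificate check ties that key to the sender. It uses Go's standard library with Ed25519, which hashes the message internally; the names `issue`, `accept` and `scenario`, the subject names and the message are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue binds pub to name in a certificate signed by signer (nil parent = self-signed root).
func issue(name string, pub ed25519.PublicKey, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent = t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// accept reports whether sig verifies under cert's key, and whether cert chains to a trusted CA.
func accept(msg, sig []byte, cert *x509.Certificate, roots *x509.CertPool) (sigOK, certOK bool) {
	sigOK = ed25519.Verify(cert.PublicKey.(ed25519.PublicKey), msg, sig)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return sigOK, err == nil
}

// scenario runs accept for the real sender, then for a forger holding a self-made "sender" cert.
func scenario() (sig, cert, forgedSig, forgedCert bool) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	senderPub, senderKey, _ := ed25519.GenerateKey(rand.Reader)
	forgerPub, forgerKey, _ := ed25519.GenerateKey(rand.Reader)
	ca := issue("Example CA", caPub, nil, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca) // the recipient trusts only this CA
	msg := []byte("constructed sample message")
	sig, cert = accept(msg, ed25519.Sign(senderKey, msg), issue("sender", senderPub, ca, caKey), roots)
	forgedSig, forgedCert = accept(msg, ed25519.Sign(forgerKey, msg), issue("sender", forgerPub, nil, forgerKey), roots)
	return
}

func main() { fmt.Println(scenario()) } // true true true false
```

The forger's signature is mathematically valid under the forger's own key, so the third value is true; the recipient rejects it only because the accompanying certificate does not chain to the trusted CA.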