- A digital certificate is a document provided by a company (known as a Certifying Authority) and contains information about a company to help verify their credentials. This is information that the Certifying Authority has checked using public records.
- The digital certificate will also contain a public key. A message encrypted with this public key can only be decrypted using the private key held by the company.
- A digital signature is added to the certificate - this is a hash (number generated from the data in the certificate) that has been encrypted using the company's private key.
- A user can check that a certificate is accurate and has not been changed by encrypting the certificate with a public key and comparing to the digital signature.
- Companies install this certificate onto their server so that they can use it to prove that they are who they say they are.
- When the digital certificate is sent to the user, the user can confident that the server is not an imposter, and can connect their computer to the server using SSL (Secure Sockets Layer).
- Browsers have a collection of trusted CA public keys installed, and can use this to check the validity of the certificate.
A Digital Certificate is a way of proving that the public key of the sender is authentic. Digital Certificates are only issued by a certification authority (CA). The certificates are encrypted into the message via the CA's private key, and can only be decrypted with the CA's public key.
Digital signatures are a way for the sender to prove to the receiver that the message did in fact originate from them. A digital signature is obtained through the following process:
|Processes required before A sends the message to B||Processes required to ensure the message is from A|
|Message is hashed to get a message digest.||B decrypts the message with B's private key.|
|The message digest is encrypted with A's private key, this then becomes the signature.||B decrypts the signature with A's public key to get the original message digest.|
|The signature is appended to the message.||The decrypted message is hashed again, reproducing the message digest.|
|The message is encrypted using B's public key.||The message has not been tampered with if the decrypted message digest is the same as the reproduced digest.|
|The encrypted message is sent to B.|