Digital Signature is an attachment to the electronic document which can be viewed as a signature. Once a document is signed, its data can not be altered without invalidating the signature. Digital Signature is created using signer’s key for encrypting the document.
On the other side, Digital Certificate is a medium to prove holder’s identity for a particular electronic transaction. It grants certification to the people or website and also offers protection against data exchange from visitor to website.
The basic difference between Digital Signature and Digital Certificate is that there exists a relationship between a sender and the hosting site in Digital signature. Whereas in Digital Certificate, the holder doesn’t need to establish an association with the remote site. In fact, it just requires the ability to identify which digital certificate authority is used by the site to validate it.
Content: Digital Signature Vs Digital Certificate
|Basis for comparison||Digital Signature||Digital Certificate|
|Basic||It verifies the authenticity and source of a particular document.||It creates an identity of a website and also increases its trustworthiness.|
|Process||The document is encrypted at the sender's end and decrypted at the receiver's end using asymmetric keys.||A certificate is issued by a trusted agency known as CA which follow particular steps to do so that are - key generation, registration, verification and creation.|
|Security||It provides authentication, non-repudiation and integrity.||It provides authentication and security.|
Definition of Digital Signature
A digital signature is a technique that verifies the authenticity of the digital document in which particular code is attached to the message that acts as a signature. Hash of the message is utilized for the creation of the message and after that message is encrypted with the sender’s private key. The signature ensures the source and integrity of the message.
Techniques used for performing digital signature
The Digital Signature Standard (DSS) was developed for performing the digital signature. The National Institute of Standards and Technology (NIST) published the DSS standard as the Federal Information Processing Standard (FIPS) PUB 186 in 1991.
DSS makes use of SHA-1 algorithm for calculating the message digest over an original message and uses message digest to perform the digital signature. For doing so, DSS utilizes Digital signature algorithm (DSA). DSA is based on Asymmetric key cryptography.
Furthermore, RSA algorithm can also be used for performing digital signature, but its primary use is to encrypt the message. Although, DSA can not be used for the encryption.
Definition of Digital Certificate
A Digital Certificate is simply a computer file which helps in establishing your identity. It officially approves the relation between the holder of the certificate (the user) and a particular public key. Therefore, a digital certificate must contain the user name and the user’s public key. This will prove that the particular public key belongs to a particular user.
A digital certificate consists of the following information: Subject name (User’s name is referred to as Subject name because a digital certificate can be issued to an individual, a group or an organization), Serial number, Validity date range and issuer name, etc.
A Certification Authority (CA) is a trusted agency that can issue digital certificates to individuals and organizations, which want to use those certificates in the asymmetric key cryptographic application. Usually, a CA is a reputed organization, such as post office, financial institution, a software company, etc. Two of the world’s most famous CA’s are Verisign and Entrust.
Since a CA can be overloaded with a variety of tasks such as issuing new certificates, maintaining the old ones, revoking the ones that have become invalid for whatever reasons, etc. The CA can delegate some of its tasks to this third-party called as a Registration Authority (RA).
Digital Certificate Creation Steps:
- Key generation – It starts with the creation of the subject’s public and private keys using some software. This software works as a part of web browser and web server. The subject must not share the private key. The subject then sends the public key along with the other information like evidence about himself/herself to the RA (Registration Authority).
Although, either if the user is not aware of the technicalities involved in the generation of the key or if there are particular demands that the key must be centrally generated then these keys can be generated by RA also on the subject’s (user’s) behalf.
- Registration: Assuming that the user has generated the key pair, the user now sends the public key and the associated registration information (e.g. subject name, as it is desired to appear in the digital certificate) and all the evidence of himself and herself to the RA.
For this, the software provides a wizard in which the user enters the data and submits it when all the data is correct. The data then travels over the network/internet to the RA. The format for the certificate requests has been standardized and is called certificate signing request (CSR). This is one of the public key cryptography standards (PKCS).
- Verification: After the registration process, the RA has to verify the user’s credentials such as the evidence provided are correct and acceptable.
The second check is to ensure the user who is requesting for the certificate does indeed possess the private key correlating to the public key that is sent as the part of the certificate request to the RA. This check is called as checking the Proof Of Possession (POP) of the private key.
- Certificate creation: Assuming that all steps so far have been successful, the RA passes on all the details of the user to the CA. The CA does its own verification (if required) and creates a digital certificate for the user.
There are programs for creating certificates in the X.509 standard format. The CA sends the certificate to the user and also retains a copy of the certificate for its own record. The CA’s copy of the certificate is maintained in a certificate directory.
Key Differences Between Digital Signature and Digital Certificate
- The digital signature proves the authenticity of the digital document. On the other hand, digital certificate identifies the website.
- A digital certificate is digitally signed and can be used to sign other documents digitally. Digital signature of CA is verified on the digital certificate.
- Digital certificate creation process includes key generation, registration, verification and creation steps. In contrast, Digital signature process includes encryption and decryption of the message at the sender’s and receiver’s end respectively.
Digital Signature and Digital Certificate both are used for ensuring the authenticity of the digital document although these are absolutely different things. A document is digitally signed to protect it from tampering while Digital Certificate increases the trustworthiness of the website.