
Digital certificate vs digital signature

Digital Signature:

How it works

This diagram shows the process of computing a message digest, encrypting, and transmitting the message to the receiver, who decrypts the digital signature, computes a message digest, and compares the two digests.

 

A digital certificate is one use case of a digital signature.


To create the digital signature, the CA generates a message digest from the certificate, encrypts the digest with its private key, and includes the digital signature as part of the certificate. Anyone can use the message digest function and the CA’s public key to verify the certificate’s integrity.

Distributing a certificate means distributing the public key!

In TLS/SSL, the client gets the server’s public key from the server’s digital certificate (Server Hello message).

Revoked Certificates:

A Certificate Revocation List (CRL), basically a file containing the serial numbers of revoked certificates, and the Online Certificate Status Protocol (OCSP) are used to check whether a certificate has been revoked.
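The certificate check described above, as an added Go example that is not from the original page: a constructed CA signs a server certificate, and the verifier recomputes the message digest, checks the signature with the CA's public key, then looks up the serial number in a set standing in for a parsed CRL. Assumptions: ECDSA P-256 with SHA-256 (the page names no algorithm), and the names `Sample`, `Check`, the subject names and serial 4242 are all made up for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Sample builds constructed data: CA public key, a signed certificate, and a copy edited after signing.
func Sample() (*ecdsa.PublicKey, []byte, []byte, error) {
	caKey, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	srvKey, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		return nil, nil, nil, fmt.Errorf("key generation failed: %v %v", err1, err2)
	}
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "Example Test CA"}}
	srv := &x509.Certificate{SerialNumber: big.NewInt(4242), Subject: pkix.Name{CommonName: "www.example.test"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, srv, ca, &srvKey.PublicKey, caKey) // CA signs the digest
	return &caKey.PublicKey, der, bytes.Replace(der, []byte("example"), []byte("examp1e"), 1), err
}

// Check recomputes the digest of the signed body, verifies the CA signature, then consults the revoked set.
func Check(caPub *ecdsa.PublicKey, der []byte, revoked map[string]bool) string {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "unparseable"
	}
	digest := sha256.Sum256(cert.RawTBSCertificate) // message digest over the to-be-signed part
	if !ecdsa.VerifyASN1(caPub, digest[:], cert.Signature) {
		return "bad signature"
	}
	if revoked[cert.SerialNumber.String()] {
		return "revoked"
	}
	return "valid"
}

func main() {
	caPub, good, edited, err := Sample()
	crl := map[string]bool{"4242": true} // serial numbers as they would be read from a CRL
	fmt.Println(Check(caPub, good, nil), Check(caPub, edited, nil), Check(caPub, good, crl), err)
}
```

A certificate whose signature verifies can still be revoked, which is why the revocation lookup is a separate step after the signature check.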

 

 

