Digital certificate vs digital signature

ByMin Wang

Apr 30, 2016

Digital Signature:

how it works

This diagram shows the process of computing a message digest, encrypting, and transmitting the message to the receiver, who decrypts the digital signature, computes a message digest, and compares the two digests

Digital certificate is one use cases of digital signature.

Cc962029.DSCH08(en-us,TechNet.10).gif

To create the digital signature, the CA generates a message digest from the certificate, encrypts the digest with its private key, and includes the digital signature as part of the certificate. Anyone can use the message digest function and the CA’s public key to verify the certificate’s integrity.

Distributing a certificate means distributing the public key!

In TLS/SSL, client will get the server’s public key from the servers’ digital certificate ( server Hello msg)

Revoked Certificates:

Certificate Revocation List (CRL) ( basically a file contain the revoked certificate’s serial number) and Online certificate Status Procotol ( OCSP) are used to check if the certificate are revoked or not.

References:

https://technet.microsoft.com/en-us/library/cc962029.aspx

https://www.ibm.com/support/knowledgecenter/mobile/#!/SSFKSJ_7.1.0/com.ibm.mq.doc/sy10520_.htm

http://chimera.labs.oreilly.com/books/1230000000545/ch04.html#_certificate_revocation

By Min Wang

Linux Networking Security software programming

Digital certificate vs digital signature

ByMin Wang

By Min Wang

Related Post

srtp and h.235.6 secure rtp

What is bro and how to install bro on debian 8

how to install/config Suricata on debian 8

Leave a Reply Cancel reply

You missed

what is std::forward and universal reference

Update k8s certs

iouring vs traditional read/write on files

how condition variable wait_for with timeout implemented