Preface
First look at Baidu Encyclopedia of Digital Signatures and digital certificate interpretation:
Digital Signature:
A fixed-digit message digest is computed by the hash algorithm agreed by both parties. Mathematically guaranteed: As long as any one of the changes in the message, the recalculated report digest to the value will not match the original value. This ensures that the message is not modified. The digest value of the newspaper is encrypted with the sender's private key and sent to the receiver together with the original message, and the resulting message is called digital signature
Digital certificates:
A digital certificate is a series of data that marks the identity of the parties to a communication in an Internet communication, providing a way to authenticate your identity on the Internet, similar to the driver's license or identity card in daily life. It is issued by an authority-----CA, also known as the Certificate Authority (certificate Authority) center, which people can use to identify each other on the Internet. A digital certificate is a file that contains public key owner information and a public key that is digitally signed by a certificate authorization center. The simplest certificate contains a digital signature that exposes the key, name, and certificate Authorization center.
The understanding of digital signatures and digital certificates has been blurred.
Recently read a very image of digital certificate on the graphical introduction, suddenly cheerful ^ ^
Original: What is a Digital Signature?
Chinese version
Body
1. Bob has two keys, one is the public key, the other is the private key.
2. Bob sent his public key to his friends----patty, Doug, Susan----each one.
3. Susan is going to write a confidential letter to Bob. When she's finished, she uses Bob's public key to encrypt it, and it's a secret effect.
4. When Bob received the letter, he decrypted it with his private key and saw the contents of the letter. The point here is that, as long as Bob's private key does not leak, this letter is safe, even if it falls in the hands of others, can not decrypt.
5. Bob replied to Susan and decided to use a "digital signature". When he finished, he used the hash function to generate a summary of the letter (digest)
6. Then, Bob uses the private key to encrypt the digest, generating a "digital signature" (signature).
7. Bob attached the signature to the letter and sent it to Susan.
8. After receiving the letter, Susan removed the digital signature and decrypted it with Bob's public key to get a summary of the letter. It turns out that the letter was actually from Bob.
9. Susan then uses the hash function on the letter itself to compare the resulting result with the summary obtained from the previous step. If the two are consistent, the letter has not been modified.
10. The complex situation has arisen. Doug tried to cheat Susan by secretly using Susan's computer and swapping out Bob's public key with his public key. At this point, Susan actually owned Doug's public key, but thought it was Bob's public key. So Doug could impersonate Bob and use his private key as a "digital signature", write to Susan and let Susan decrypt it with a fake Bob's public key.
11. Later, Susan felt something was wrong and found herself unable to determine whether the public key really belonged to Bob. She thought of a way to ask Bob to find "Certificate Center" (certificate Authority, CA) for public key authentication. The certificate center uses its own private key to encrypt the bob's public key and some related information, generating a "digital certificate" (Digital certificate).
12. Bob will be relieved when he gets his digital certificate. Later write to Susan, as long as the signature of the same time, and then attach a digital certificate on the line.
13. Susan received the letter, using the CA's public key to unlock the digital certificate, you can get the real public key bob, and then can prove that "digital signature" is really Bob signed.
14. Below, we look at an example of applying a digital certificate: HTTPS protocol. This protocol is primarily used for Web page encryption.
15. First, the client sends an encryption request to the server.
16. The server uses its own private key to encrypt the Web page, along with its own digital certificate, sent to the client.
17. The Client (browser) Certificate Manager has a list of trusted root certification authorities. Depending on this list, the client will see if the public key that unlocks the digital certificate is within the list.
18. If the Web site recorded by the digital certificate is inconsistent with the URL you are browsing, it means that the certificate may be used and the browser will issue a warning.
19. If this digital certificate is not issued by a trusted organization, the browser will issue another warning
20. If the digital certificate is reliable, the client can use the server's public key in the certificate, encrypt the information, and then exchange encrypted information with the server.
Summary
Digital signature is the use of personal privacy and encryption algorithm to encrypt the digest and message, is private. And the digital certificate is distributed by the CA center.