I'm getting ready to take the CompTIA Network Security Exam, and some questions are very hard. There are a lot of questions about digital signatures and digital certificates, and I always get confused about what each of them does.


digital signatures vs digital certificates

Digital signatures – ensure both data integrity and non-repudiation. A digital signature creates a hash value of the message using the author’s private key. The recipient can use the author’s public key to decrypt the hash. The recipient also creates a hash of the message. If the two hashes match, the recipient knows that the message has not been altered. Since the message came encrypted with the sender’s private key, non-repudiation is assured.


A Digital Certificate authenticates you to other e-mail recipients and to servers, but it also provides a mechanism for the exchange of your public key. A system using S/MIME uses the recipient’s public key to encrypt the message. A certificate server on the local network or at a trusted certification authority (like Verisign or Thawte) allows the sender’s email client to look up the recipient’s public key. When the recipient receives the message, he or she decrypts it using his or her private key.

Public Key Infrastructure (PKI) is the system that distributes and verifies digital certificates and handles the exchange of keys.

A Certificate Authority (CA) issues digital certificates and validates certificates that it has issued.
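As an added worked example (not part of the original thread), here is the signature flow the answer describes, in Go using only the standard library: the author hashes the message with SHA-256 and signs the digest with the private key, and the recipient recomputes the hash and checks the signature with the public key. The altered-message and wrong-key cases show why this gives integrity and non-repudiation; the key names and the message are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign hashes the message with SHA-256 and signs the digest with the
// author's private key (RSA PKCS#1 v1.5). Only the author holds this key.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify recomputes the digest of the received message and checks the
// signature against it with the author's public key. It returns true only
// when the message is unaltered (integrity) and the signature was produced
// by the matching private key (non-repudiation).
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	// Constructed keys: "author" signs, "other" is an unrelated party.
	author, _ := rsa.GenerateKey(rand.Reader, 2048)
	other, _ := rsa.GenerateKey(rand.Reader, 2048)

	msg := []byte("Transfer 100 to account 42") // constructed sample message
	sig, _ := Sign(author, msg)

	fmt.Println("unaltered message, author's public key:", Verify(&author.PublicKey, msg, sig))
	// A single changed digit changes the hash, so the signature no longer matches.
	fmt.Println("altered message:", Verify(&author.PublicKey, []byte("Transfer 900 to account 42"), sig))
	// Someone else's public key cannot validate a signature made with the author's private key.
	fmt.Println("wrong public key:", Verify(&other.PublicKey, msg, sig))
}
```

A certificate is what ties that public key to an identity: it is the CA's own signature, made the same way, over the subject name and public key, so the recipient can trust which public key to verify with.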