Conventional technologies for public key infrastructure (PKI) allow users to exchange information in an encrypted form over an unsecured network through the use of a public and a private cryptographic key pair that is obtained through a trusted authority. A public key is a value provided by some designated authority as an encryption key that, when combined with a private key derived from the public key, can be used to effectively encrypt messages and digital signatures. Public keys are shared between users. Typically, an encrypted message will be sent from a sender to a receiver using the receiver's public key to encrypt the message. If encrypted with a receiving user's shared public key, the message can only be decrypted with a combination of the receiving user's public and private keys. An encrypted signature can be sent from a sender to a receiver using the sender's private key to encrypt the signature. The signature can be verified on the receiving side using the sending user's public key.
A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document. This is based on the principle that only the signer had access to the private key, so the signature must be authentic if it verifies correctly using that sender's public key. A digital signature can be generated on some original content, and a recipient can use the signature to validate that the original content of the message or document that has been sent has not been modified. Digital signatures (such as the XML digital signature recommended by the W3C) are easily transportable, cannot be duplicated, and can be automatically time-stamped. A digital signature can be used with any kind of message, whether the message is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact.
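The exchange described in the two paragraphs above (encrypting to the receiver's public key, signing with the sender's private key, and verifying with the sender's public key) as an added, runnable Go example; it is not code from the original text. It uses only the Go standard library (RSA-OAEP for encryption, RSA-PSS over a SHA-256 digest for signatures); the key size, the sample message and the function names are constructed for the example. The tamper step shows the integrity property: flipping one bit of the message makes verification fail.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// GenerateKeyPair creates a fresh RSA key pair. The public half is what a user
// publishes; the private half never leaves its owner. (2048 bits is a
// constructed choice for this example.)
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Encrypt seals a message for the receiver using the receiver's public key
// (RSA-OAEP with SHA-256). Only the matching private key can open it.
func Encrypt(receiverPub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, plaintext, nil)
}

// Decrypt opens a message with the receiver's private key.
func Decrypt(receiverPriv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, ciphertext, nil)
}

// Sign produces an RSA-PSS signature over the SHA-256 digest of the message
// with the sender's private key.
func Sign(senderPriv *rsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
}

// Verify checks a signature against the message using the sender's public key.
// It returns false if either the message or the signature was altered.
func Verify(senderPub *rsa.PublicKey, message, signature []byte) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], signature, nil) == nil
}

// Exchange runs one signed, encrypted message from sender to receiver and
// reports whether decryption recovered the plaintext, whether the signature
// verified, and whether the signature still verifies after tampering.
func Exchange() (decryptedOK, sigOK, tamperedSigOK bool, err error) {
	sender, err := GenerateKeyPair()
	if err != nil {
		return
	}
	receiver, err := GenerateKeyPair()
	if err != nil {
		return
	}

	msg := []byte("transfer 100 to account 42") // constructed sample message

	// Sender signs with its own private key, then encrypts for the receiver.
	sig, err := Sign(sender, msg)
	if err != nil {
		return
	}
	ct, err := Encrypt(&receiver.PublicKey, msg)
	if err != nil {
		return
	}

	// Receiver decrypts with its private key and verifies with the sender's public key.
	pt, err := Decrypt(receiver, ct)
	if err != nil {
		return
	}
	decryptedOK = bytes.Equal(pt, msg)
	sigOK = Verify(&sender.PublicKey, pt, sig)

	// Integrity check: a single flipped bit invalidates the signature.
	tampered := append([]byte(nil), pt...)
	tampered[len(tampered)-1] ^= 0x01
	tamperedSigOK = Verify(&sender.PublicKey, tampered, sig)
	return
}

func main() {
	d, s, t, err := Exchange()
	fmt.Printf("decrypted=%v signature=%v tamperedSignature=%v err=%v\n", d, s, t, err)
}
```

Note that signing happens over the plaintext before encryption, so the receiver verifies after decrypting; the signature itself is not "encrypted with the private key" as a raw RSA operation but produced by a padded signature scheme (PSS), which is what current practice requires.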
XML digital signatures provide integrity, message authentication, and signer authentication services. Digital signatures are created and verified using cryptography: a signature is created by performing a cryptographic operation on the information being signed. Those who receive content containing an XML digital signature can confirm both the identity of the signer and the trustworthiness of the information.
A digital certificate is an electronic identifier that establishes credentials when conducting transactions over a network. A certification authority issues a digital certificate. A digital certificate contains information related to the certificate holder such as that holder's identity and electronic communication, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
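The certificate model in the paragraph above (a CA issues a certificate binding a holder's identity and electronic address to a public key; a recipient checks the CA's signature on it; certificates sit in a registry so users can look up each other's public keys) as an added Go example using the standard library's crypto/x509 package. This is not code from the original text; the CA names, holder name, e-mail address, validity window and the Registry type are constructed for the example. It also shows the failure case: a certificate for the same holder issued by an untrusted CA is rejected when validated against the trusted root.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Registry maps an electronic address to the holder's certificate, so that a
// user can look up another user's public key before encrypting to them.
type Registry map[string]*x509.Certificate

func newKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// NewCA creates a self-signed certification-authority certificate.
func NewCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := newKey()
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueCert has the CA sign a certificate binding the holder's identity and
// e-mail address to a newly generated public key.
func IssueCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, holder, email string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := newKey()
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(2),
		Subject:        pkix.Name{CommonName: holder},
		EmailAddresses: []string{email},
		NotBefore:      time.Now().Add(-time.Hour),
		NotAfter:       time.Now().Add(24 * time.Hour),
		KeyUsage:       x509.KeyUsageDigitalSignature,
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Validate confirms the certificate is genuine: the issuing authority's
// signature on it verifies, and it chains to the trusted root within its
// validity period.
func Validate(cert, trustedRoot *x509.Certificate) error {
	if err := cert.CheckSignatureFrom(trustedRoot); err != nil {
		return fmt.Errorf("issuer signature: %w", err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

// LookupAndValidate finds a holder's certificate in the registry, validates it
// against the trusted CA, and only then hands back the holder's public key.
func LookupAndValidate(reg Registry, email string, trustedRoot *x509.Certificate) (*ecdsa.PublicKey, error) {
	cert, ok := reg[email]
	if !ok {
		return nil, errors.New("no certificate registered for " + email)
	}
	if err := Validate(cert, trustedRoot); err != nil {
		return nil, err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return nil, errors.New("unexpected public key type")
	}
	return pub, nil
}

// Scenario returns whether a certificate from the trusted CA is accepted and
// whether one for the same holder from an untrusted CA is rejected.
func Scenario() (trustedOK, rogueRejected bool, err error) {
	ca, caKey, err := NewCA("Example Trusted CA")
	if err != nil {
		return
	}
	alice, _, err := IssueCert(ca, caKey, "Alice", "alice@example.com")
	if err != nil {
		return
	}
	rogueCA, rogueKey, err := NewCA("Untrusted CA")
	if err != nil {
		return
	}
	fakeAlice, _, err := IssueCert(rogueCA, rogueKey, "Alice", "alice@example.com")
	if err != nil {
		return
	}

	reg := Registry{"alice@example.com": alice}
	_, e1 := LookupAndValidate(reg, "alice@example.com", ca)
	trustedOK = e1 == nil

	reg["alice@example.com"] = fakeAlice // registry entry replaced by an untrusted cert
	_, e2 := LookupAndValidate(reg, "alice@example.com", ca)
	rogueRejected = e2 != nil
	return
}

func main() {
	ok, rejected, err := Scenario()
	fmt.Printf("trusted accepted=%v untrusted rejected=%v err=%v\n", ok, rejected, err)
}
```

The point of the second half of Scenario is that a registry lookup alone proves nothing: the recipient must verify the issuing authority's signature and chain of trust before using the public key found there.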