Digital certificates: What is the difference between encrypting and signing

囚心锁ツ 2020-12-23 23:22

I am relatively new to PKI, certificates and all related stuff.

As far as I understand, in public-key cryptography one encrypts with a public key and decrypts with a pr

5 Answers
  •  醉酒成梦
    2020-12-23 23:57

    Public keys encrypt and private keys decrypt for encryption; for digital signatures, it is the reverse.
    Tip: Imagine public key as padlock and private key as key which opens the padlock.

    Two of the best-known uses of public key cryptography or asymmetric cryptography are digital signature and Public key encryption. In an asymmetric key encryption scheme, anyone can encrypt messages using the public key, but only the holder of the paired private key can decrypt. Security depends on the secrecy of the private key.

    To use a Digital Signature or Public key Encryption we must have a digital id or digital certificate or public key certificate or identity certificate. It is an electronic document used to prove the ownership of a public key.

    • Digital Signatures in which a message is signed with the sender's private key and can be verified by anyone who has access to the sender's public key. This verification proves that the sender had access to the private key, and therefore is likely to be the person associated with the public key. This also ensures that the message has not been tampered with, as a signature is mathematically bound to the message it originally was made with, and verification will fail for practically any other message, no matter how similar to the original message. An analogy for digital signatures is the sealing of an envelope with a personal wax seal. The message can be opened by anyone, but the presence of the unique seal authenticates the sender.

    • Public Key Encryption in which a message is encrypted with a recipient's public key. The message cannot be decrypted by anyone who does not possess the matching private key, who is thus presumed to be the owner of that key and the person associated with the public key. This is used in an attempt to ensure confidentiality. An analogy to public key encryption is that of a locked mail box with a mail slot. The mail slot is exposed and accessible to the public – its location (the street address) is, in essence, the public key. Anyone knowing the street address can go to the door and drop a written message through the slot. However, only the person who possesses the key can open the mailbox and read the message.



    • A Public Key Infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.



    Authorities:

    • Registration Authority (RA), Certificate Authority (CA) and Validation Authority (VA)

    Algorithms:

    • DES (Data Encryption Standard), Triple DES (a stronger variant of DES) and AES (Advanced Encryption Standard) are symmetric-key cryptosystems, which use the same key for encryption and decryption.

    • DSA (Digital Signature Algorithm) and RSA (Ron Rivest, Adi Shamir and Leonard Adleman) are public-key cryptosystems, which are widely used for secure data transmission. DSA provides only digital signatures and RSA provides both digital signature and encryption.
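The key roles described in the answer above, as an added example that is not part of the original answer. It uses Node.js's built-in `crypto` module with RSA; the parties `alice` and `bob`, the sample message, and the choice of OAEP and PSS padding are assumptions made for illustration.

```javascript
const { generateKeyPairSync, publicEncrypt, privateDecrypt,
        sign, verify, constants } = require('node:crypto');

// Constructed key pairs for two hypothetical parties.
const newPair = () => generateKeyPairSync('rsa', { modulusLength: 2048 });
const alice = newPair();
const bob = newPair();

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const PSS = { padding: constants.RSA_PKCS1_PSS_PADDING };

// Encryption: the sender uses the RECIPIENT's public key.
function encryptFor(recipientPublicKey, plaintext) {
  return publicEncrypt({ key: recipientPublicKey, ...OAEP }, Buffer.from(plaintext));
}

// Decryption: only the matching private key works; any other key yields null.
function decryptWith(privateKey, ciphertext) {
  try {
    return privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString();
  } catch {
    return null;
  }
}

// Signing: the sender uses their OWN private key.
function signAs(senderPrivateKey, message) {
  return sign('sha256', Buffer.from(message), { key: senderPrivateKey, ...PSS });
}

// Verification: anyone holding the sender's public key can check the signature.
function verifyFrom(senderPublicKey, message, signature) {
  return verify('sha256', Buffer.from(message), { key: senderPublicKey, ...PSS }, signature);
}

function demo() {
  const msg = 'wire 100 EUR to account 42'; // constructed sample message
  const ciphertext = encryptFor(bob.publicKey, msg);
  const signature = signAs(alice.privateKey, msg);
  return {
    bobReads: decryptWith(bob.privateKey, ciphertext),     // intended recipient
    aliceReads: decryptWith(alice.privateKey, ciphertext), // wrong private key
    genuine: verifyFrom(alice.publicKey, msg, signature),
    tampered: verifyFrom(alice.publicKey, msg.replace('100', '900'), signature),
    wrongSigner: verifyFrom(bob.publicKey, msg, signature),
  };
}
```

Calling `demo()` shows that confidentiality depends on the recipient's key pair, while authenticity and integrity depend on the sender's: a changed message or a different public key makes verification fail.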
