A digital signature certificate is an electronic document that binds identifying information about a person (or an organization) to that party's public key, and that is itself signed by a certificate authority. It can be used to validate the identity of a person over the internet, and it is often used for signing and encrypting email. Certificates were introduced so that parties could confirm who they were actually communicating with and detect any tampering with what was sent. Today, digital signatures are also used for authentication, for example to prove identity before confidential information is released.

When you obtain a digital signature certificate, you first generate a pair of keys: one public and one private. The two are mathematically linked, but the private key cannot be derived from the public one in any practical amount of time. Anything you sign with your private key can be verified by anyone holding your public key, which is what the certificate distributes; the private key itself never leaves your control.

What is a digital signature certificate?

If you have never seen one before, see the wiki page on Digital Signature Certificates. You will also want to read the four articles in the Digital Signature Certificate section of the How to Sign with Bitcoin reference manual.

Why should I get a digital signature certificate?

Digital signatures are very useful, and Bitcoin is a familiar example: it relies on the same public/private key idea (ECDSA keys, although without certificates). As the diagram below shows, you can use digital signatures to:

Authorize transactions that spend from a bitcoin address

Prove who controls a particular bitcoin address

Create proof of ownership by signing a message with the key behind an address (wallet signatures)

For a closer look at how digital signatures work, see the How to Sign with Bitcoin chapter in the Digital Signature Manual, or read more about digital signatures in this article.

Why do I need a digital signature certificate?

A digital signature lets you prove two things at once: that a message was produced by the holder of a particular private key, and that it has not been altered since. Combined with a certificate, which ties that key to your name or email address, it proves that the message really came from you. It never involves signing with someone else's key; each party signs only with their own private key.

How do I sign something?

On the web, a certificate authority (CA) is the trusted organization that issues certificates. You generate your own key pair and send the CA a certificate signing request containing your public key and identity; the CA verifies that identity and returns a certificate signed with its own key. Signing is then done with your private key, which the CA never sees. To produce a signature that others will trust, you therefore need both your private key and the certificate the CA issued for the matching public key.

On Windows, most people manage this through the Certificate Manager (which handles certificate requests and stores issued certificates and keys), but other tools, such as OpenSSL, do the same job.

To open it, run certmgr.msc from the Start menu (certlm.msc for the machine-wide store); the equivalent command-line tool is certutil.

How does a digital signature work?

When you apply for a certificate, you ask the CA to sign a document containing your public key together with information about a specific subject: your name or email address. The CA's signature over that document is what turns it into a certificate.

The thing you then sign with the matching private key is typically an email.

Imagine that your private key is on your computer. It stays there: you never send it to anyone, not even a friend who needs to read your email. To sign a message, you compute a signature over it with the private key and attach the signature and your certificate. Your friend needs nothing but the public key from that certificate to check that the signature is valid. Anyone who does obtain your private key can sign as you, so a signature is only as trustworthy as the protection around that key.

Now imagine that a second person has your public key. He can verify any email you sign, but the signature neither keeps the content secret nor stops him from forwarding it. If the content must stay private, you encrypt it to his public key, so that only his private key can decrypt it.

How do encryption and signing work?

Encryption

On your computer, your private key lives in a password-protected key file (commonly a PKCS #12 .pfx/.p12 file, or a PEM file with a passphrase); the public key is distributed in your certificate and needs no protection. To encrypt a message to someone, you use their public key; only their private key can decrypt it. The key file may look like this:

My password-protected file.

The password protects the key only while it sits on disk. Once a program has decrypted the file, that program holds the raw key, so treat any machine that has unlocked it as holding the key itself, and change the password if you suspect it has been exposed. Other people who copy the file see only an encrypted blob, which is useless without the password.

A digital signature is not just a cryptographic hash, but it starts with one. A weak password such as

1234 1234 1234 1234

offers little protection for the key file. A signature, by contrast, is produced by hashing the message with a function such as SHA-256 and then applying the private key to the resulting digest. Note that a SHA-256 digest is 32 bytes long; a value such as

{88 4e 00 00 00 00 00 00}

is only eight bytes and cannot be one.

Who can you trust to issue your digital signature certificate?

The answer is the certificate authority, and trusting a CA means trusting it to guard its own signing key. A CA keeps that key offline or in a hardware security module; if it were stolen, the thief could issue certificates for any name, and every certificate chained to that CA would become worthless. Your own private key carries the same weight for you: anyone who steals it can sign as you and decrypt everything that was ever encrypted to your public key, so securing it is your responsibility, not the CA's. Note also that a signature is not encrypted to the client and server with a shared secret. It is computed with the signer's private key alone and checked with the public key carried in the certificate, so the verifier never needs to hold any secret at all.
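The whole chain described on this page, as an added example that is not part of the original article: a key pair, a signature made with the private key and checked with the public key (the mechanics described under "How does a digital signature work?"), and a CA that issues a certificate by signing a subject name together with a public key, so that a verifier who trusts only the CA can check a signed email (the point of the section above). It uses unpadded textbook RSA generated with a Miller-Rabin test purely so that it runs on the Python standard library; the CA, the address alice@example.com, the attacker Mallory and the email text are constructed for the illustration, and no real system should use this RSA in place of a vetted library.

```python
"""Sign, verify and a one-level certificate chain with textbook RSA.

Added illustration only: unpadded RSA on freshly generated toy-sized keys,
standard library only. Real systems use RSA-PSS or ECDSA/Ed25519 from a
vetted library; the mechanics shown here are the same.
"""
import hashlib
import json
import random

_rng = random.SystemRandom()

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin test; good enough for a demonstration key."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:  # force the top bit (size) and the low bit (odd)
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits=512):
    """Return (public, private) as ((n, e), (n, d)); 512-bit n is toy-sized."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest(data: bytes) -> int:
    """SHA-256 of the message; the signature is computed over this digest."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private, data: bytes) -> int:
    """Private-key operation: only the key holder can produce this value."""
    n, d = private
    return pow(_digest(data), d, n)

def verify(public, data: bytes, signature: int) -> bool:
    """Public-key operation: anyone with (n, e) can check, nobody can forge."""
    n, e = public
    return pow(signature, e, n) == _digest(data)

def _encode(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()

def issue_certificate(ca_private, subject: str, subject_public) -> dict:
    """The CA binds a subject name to a public key by signing the pair."""
    body = {"subject": subject, "n": subject_public[0], "e": subject_public[1]}
    return {"body": body, "ca_sig": sign(ca_private, _encode(body))}

def verify_signed_email(ca_public, cert, email: bytes, signature: int) -> bool:
    """What a mail client does: trust the CA, check the cert, then the message."""
    if not verify(ca_public, _encode(cert["body"]), cert["ca_sig"]):
        return False
    return verify((cert["body"]["n"], cert["body"]["e"]), email, signature)

def demo() -> dict:
    """Constructed scenario: Alice holds a CA-issued cert, Mallory does not."""
    ca_pub, ca_priv = generate_keypair()
    alice_pub, alice_priv = generate_keypair()
    mallory_pub, mallory_priv = generate_keypair()
    alice_cert = issue_certificate(ca_priv, "alice@example.com", alice_pub)
    email = b"Subject: invoice\n\nPlease pay invoice 42 by Friday."
    sig = sign(alice_priv, email)
    # Mallory puts her own key under Alice's name, but can only sign that
    # document with her own key, not the CA's, so a CA-trusting verifier rejects it.
    forged_cert = issue_certificate(mallory_priv, "alice@example.com", mallory_pub)
    return {
        "genuine": verify_signed_email(ca_pub, alice_cert, email, sig),
        "tampered_email": verify_signed_email(ca_pub, alice_cert, email + b"!", sig),
        "wrong_key": verify_signed_email(ca_pub, alice_cert, email, sign(mallory_priv, email)),
        "forged_cert": verify_signed_email(ca_pub, forged_cert, email, sign(mallory_priv, email)),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:15s} {'accepted' if ok else 'rejected'}")
```

Only the genuine case is accepted. The tampered and wrong-key cases fail at the message signature; the forged-certificate case fails one step earlier, at the CA signature, which is exactly the check that a stolen CA key would defeat.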