Enterprise PKI AU-KBC Research Centre

Enterprise PKI FAQ

What is Digital Certificate?

A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is genuine. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.

What is Digital Signature?

A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. They give the recipient the ability to ensure that the original signed message arrived without any tampering, and the sender cannot easily repudiate it later.

What is CA?

A certificate authority (CA) is a trusted third party in a network that issues and manages digital certificates. As part of a public key infrastructure, the CA checks with a registration authority (RA) to verify the information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, then the CA can issue a certificate.

What is RA?

A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it. RAs are part of a public key infrastructure (PKI), a networked system that enables companies and users to exchange information and money safely and securely. The digital certificate contains a public key that is used to encrypt messages.

What is PKI?

A PKI (public key infrastructure) enables users of a basically insecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.

A public key infrastructure consists of

  1. A certificate authority (CA) that issues and verifies digital certificates. A certificate includes the public key or information about the public key.
  2. A registration authority (RA) that acts as the verifier for the certificate authority before a digital certificate is issued to a requestor.
  3. One or more directories where the certificates (with their public keys) are held.
  4. A certificate management system.

What are private and public keys?

Each person in a PKI environment gets a pair of keys, one called the public key and the other called the private key. Each person's public key is published while the private key is kept secret. All communications involve only public keys, and no private key is ever transmitted or shared. It is no longer necessary to trust some communications channel to be secure against eavesdropping or betrayal. The only requirement is that public keys are associated with their users in an authenticated manner. The certification authority that issues digital certificates provides this authentication of public keys.

Anyone can send a confidential message by just using the recipient's public key, but the message can only be decrypted with the matching private key, which is in the sole possession of the intended recipient. Similarly, to produce a digital signature, the sender's private key is applied to any kind of message, so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is genuine.

How Can I get digital certificate for myself?

There are a number of commercial PKI vendors, such as Verisign and Entrust, who can issue digital certificates for you, but you need to pay to get one for your own use. Alternatively, you can visit their web pages to apply for a trial certificate. If your enterprise runs an in-house CA, then you have to contact your CA administrator.

How can I use my digital certificates for e-mail transactions?

Almost all standard browsers (IE, Netscape, etc.) have plugins for digital certificate management. All you have to do is load your own certificate, your contacts' certificates and the root CA certificate into the browser and configure your favourite e-mail client (say Outlook Express, or Outlook if you prefer IE).

Can’t we use Digital Certificates in web based e-mail programs?

Nope. Currently no web-based e-mail program such as Yahoo, Hotmail etc. supports this feature, since you always need some repository to store your own certificate and your contacts' certificates.
