What's the significance of a digital signature?
When someone says that a particular digital certificate (like an SSL cert) has been "signed with a key", what does that imply? Does that mean the certificate simply includes a key that should be used for further message exchanges? Does that mean that the cert itself is encrypted and can only be decrypted with that key? Does it imply something else?
Ideally, it means that someone looked at the certificate and decided that it is correct and legitimate. Once they've done that, they want to tell people "Hey, I've verified that this certificate is good. I trust it". To do this, they use their signing key to sign the certificate. Now when someone gets the certificate they can see who signed the certificate. If they trust one of the signers, they can trust the certificate itself. This is the basis of Web of Trust in PKI.

The actual signing probably depends on what kind of certificate it is. I think this is a useful read. A digital certificate consists of three things:

- A public key.
- Certificate information. ("Identity" information about the user, such as name, user ID, and so on.)
- One or more digital signatures.

Typically the "one or more digital signatures" part is done by listing a set of encrypted hashes of the certificate. So when you want to sign a certificate, you would compute the hash of the certificate, encrypt it using your private signing key, and add it to the cumulative list of digital signatures.
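The hash-then-sign-then-append procedure the answer describes, as an added example that is not part of the question or answer above. It uses a constructed toy RSA key pair (small primes, textbook RSA without padding, digest reduced modulo N) so that it runs with only the standard library; the certificate fields, signer name and key values are all made up for illustration.

```python
import hashlib
import json

# Toy RSA key pair for the signer ("CA"). Constructed for illustration only:
# real keys are 2048+ bits and real signatures use a padding scheme (PKCS#1 v1.5 or PSS).
P, Q = 1000000007, 998244353          # two primes (constructed sample values)
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent
CA_PUBLIC_KEY = (N, E)
CA_PRIVATE_KEY = (N, D)

def cert_digest(cert: dict) -> int:
    """Hash the certificate body (everything except the signature list) deterministically."""
    body = {k: v for k, v in cert.items() if k != "signatures"}
    encoded = json.dumps(body, sort_keys=True).encode()
    # Reduce the 256-bit digest modulo N so textbook RSA can operate on it (toy keys only).
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big") % N

def sign_certificate(cert: dict, signer: str, private_key: tuple) -> dict:
    """Append a signature: the body hash 'encrypted' with the private exponent mod N."""
    n, d = private_key
    sig = pow(cert_digest(cert), d, n)
    cert.setdefault("signatures", []).append({"signer": signer, "sig": sig})
    return cert

def verify_signature(cert: dict, signer: str, public_key: tuple) -> bool:
    """Recover the hash from the signature with the public key and compare to a fresh hash."""
    n, e = public_key
    for entry in cert.get("signatures", []):
        if entry["signer"] == signer and pow(entry["sig"], e, n) == cert_digest(cert):
            return True
    return False

# Constructed sample certificate: a public key plus identity information, no signatures yet.
CERT = {"subject": "CN=example.test", "public_key": "<subject key bytes, constructed>"}

if __name__ == "__main__":
    signed = sign_certificate(dict(CERT), "Example CA", CA_PRIVATE_KEY)
    print("valid:", verify_signature(signed, "Example CA", CA_PUBLIC_KEY))             # True
    tampered = dict(signed)
    tampered["subject"] = "CN=modified.test"   # any change to the body breaks the signature
    print("after tampering:", verify_signature(tampered, "Example CA", CA_PUBLIC_KEY))  # False
```

The relying party only needs the signer's public key to check the entry; the certificate itself is never encrypted, which is the point the question asks about.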