What is a Digital Signature?
Created May 4, 2012
Lennart Jorelid
Digital Signatures are used to ensure the identity of a sender. In conjunction with Message Digests, Digital Signatures prevent someone from altering a message and falsely claiming you wrote the altered message. Digital Signatures are a byproduct of public key cryptography, as demonstrated below. (Believe me, it is simpler to describe the concept of a Digital Signature with an example.)
First, let us describe the key pair with its two keys:
Concept | Description |
---|---|
Key Pair | Related pair of keys (binary data) generated using a key pair generating algorithm. |
Private Key | The sender's secret/private key, from the key pair above. This key must never be known by anybody but the sender. |
Public Key | The sender's public key, from the key pair above. This key may be freely distributed to anybody. |
The process of creating a Digital Signature is fairly straightforward:
Process Step | Description |
---|---|
Create a Message Digest | The Message Digest data block is produced from the plaintext message. |
Sign the Message Digest with the user's Private Key | The Message Digest is signed with the key which is kept by the sender only. |
Digital Signature verification | Using the public key of the sender, any recipient can verify that the decrypted Message Digest matches the Message Digest computed from the plaintext. |
Since the sender of the message is the only person who has possession of the private key, the recipient may verify the identity of the sender.
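The three steps above (digest, sign, verify) in runnable form, as an added example that is not part of the original article. It assumes SHA-256 as the Message Digest and RSA-PSS as the signature scheme, neither of which the article specifies; the function names and the sample messages are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign creates the Message Digest of msg (SHA-256, an assumption) and signs
// that digest with the sender's private key (RSA-PSS, an assumption).
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the digest from the received plaintext and checks the
// signature against it using only the sender's public key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Demo signs one message and reports whether verification succeeds for the
// genuine message, an altered message, and an unrelated public key.
func Demo() (genuine, altered, wrongKey bool, err error) {
	sender, err := rsa.GenerateKey(rand.Reader, 2048) // the sender's key pair
	if err != nil {
		return
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048) // someone else's key pair
	if err != nil {
		return
	}
	msg := []byte("Pay Bob 100 EUR") // constructed sample message
	sig, err := Sign(sender, msg)
	if err != nil {
		return
	}
	genuine = Verify(&sender.PublicKey, msg, sig)
	altered = Verify(&sender.PublicKey, []byte("Pay Bob 900 EUR"), sig)
	wrongKey = Verify(&other.PublicKey, msg, sig)
	return
}

func main() {
	g, a, w, err := Demo()
	fmt.Println("genuine:", g, "altered:", a, "wrong key:", w, "err:", err)
}
```

Only the genuine message checked against the sender's public key verifies; changing a single character of the plaintext or using any other public key makes verification fail.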