Thursday, November 15, 2018

What Is a Digital Signature?

A digital signature lets the recipient confirm two things: that the message was produced by whoever holds the sender's private key, and that the message has not been altered since it was signed.

Typically, this is done by computing a cryptographic hash of the original message and then encrypting that hash with the sender's private key (the reverse of message encryption, where the recipient's public key is used). This step is called signing the message. The image below is from Wikipedia.

Even small changes to the message radically alter the hash.

When the recipient receives the message, they decrypt the signature with the sender's public key, which yields the hash the sender computed, and compare it with a hash they compute themselves over the received message. If the two hashes match, it proves that the person holding the sender's private key sent the message. If they do not match, then the message has been tampered with—or it wasn't sent by the alleged sender.
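The sign-and-verify procedure above, worked through as an added example (not from the original post) using toy textbook RSA with constructed, deliberately tiny parameters: the hash is raised to the private exponent to sign and to the public exponent to verify, and a one-character change to the message makes verification fail.

```python
import hashlib

# Constructed toy RSA parameters, far too small for real use: p and q are the
# Mersenne primes 2^31-1 and 2^61-1, e is the usual public exponent 65537.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # private exponent: the sender's secret

PUBLIC_KEY = (N, E)          # anyone may hold this
PRIVATE_KEY = (N, D)         # only the sender holds this


def message_digest(message: bytes) -> str:
    """SHA-256 of the message as hex, to show how much a small edit changes it."""
    return hashlib.sha256(message).hexdigest()


def message_hash(message: bytes) -> int:
    """Step 1: hash the message. The digest is read as an integer and reduced
    modulo N so it fits the toy modulus (real schemes pad instead of reducing)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_key=PRIVATE_KEY) -> int:
    """Step 2: 'encrypt' the hash with the private key: s = H(m)^d mod n."""
    n, d = private_key
    return pow(message_hash(message), d, n)


def verify(message: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Step 3: recover the sender's hash with the public key (s^e mod n) and
    compare it with a fresh hash of the message actually received."""
    n, e = public_key
    recovered = pow(signature, e, n)
    return recovered == message_hash(message)


if __name__ == "__main__":
    original = b"Pay Alice 100 dollars"
    tampered = b"Pay Alice 900 dollars"     # a single character changed
    sig = sign(original)
    print("genuine message verifies :", verify(original, sig))
    print("tampered message verifies:", verify(tampered, sig))
    print("hash of original:", message_digest(original))
    print("hash of tampered:", message_digest(tampered))
```

The "encrypt the hash with the private key" picture only matches textbook RSA; deployed RSA signatures add padding (PKCS#1 v1.5 or PSS), and schemes such as ECDSA and Ed25519 are not encryption run in reverse at all.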