Digital Signature

What is a digital signature?

 
We all use a signature on a document as proof of identity and intent. This assures that someone cannot deny the validity of the content in that document.
 
In the digital era, we call it a “digital signature”, which proves the origin of the data and its integrity. Digital signatures are everywhere. A digital signature is an electronic verification of the sender of a document. It helps maintain evidence so that the sender and receiver of the data cannot deny the communication involved. This property is called “non-repudiation” in the security world.
 
The digital signature provides proof of the sender’s identity and also ensures that the message was not altered in transit. Digital signatures are frequently used where it is important to detect tampering and forgery.
 

How does it work?

 
Generally, the following steps will need to occur:
  • The sender generates a pair of keys: a private key and a public key.
  • The sender keeps the private key and sends the public key to the receiver.
  • The sender creates the content (plain text) which is supposed to be sent to the receiver.
  • The sender generates a digest by hashing the content using some hashing algorithm.
  • The sender encrypts the digest using the private key. This encrypted digest is the digital signature for the content created.
  • The sender then sends the content as well as the digital signature to the receiver.
  • The receiver decrypts the digital signature using the sender’s public key and gets the digest. If this step fails, it means that the content was not sent by the expected sender. This is a scenario of authentication failure.
  • Once the digest is received, the receiver can check the integrity of the content by hashing the content using the same hash algorithm that the sender used and comparing the outcome to the digest received.
  • If the generated digest is the same, then the receiver can be confident that the content is not changed. If the digest is not the same, then the receiver can confirm that the content has been tampered with in transit.
Note
Using a digital signature does not mean that content is encrypted.
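
The steps above, carried through in Python as an added example (not part of the original article). It uses textbook RSA over a SHA-256 digest so that each step stays visible; the keys, the sample message and the names make_key, sign, verify and demo are constructed for illustration, and the code assumes Python 3.8 or later.

```python
import hashlib

def make_key(p: int, q: int, e: int = 65537):
    """Return (public_key, private_key) for textbook RSA from primes p, q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (n, e), (n, d)

# Constructed demo keys built from known Mersenne primes. Teaching only:
# real keys use random secret primes and a padded scheme such as RSA-PSS.
SENDER_PUBLIC, SENDER_PRIVATE = make_key(2**521 - 1, 2**607 - 1)
_, OTHER_PRIVATE = make_key(2**521 - 1, 2**1279 - 1)   # someone else's key

def digest(content: bytes) -> int:
    """Hash the content (SHA-256) and return the digest as an integer."""
    return int.from_bytes(hashlib.sha256(content).digest(), "big")

def sign(content: bytes, private_key) -> int:
    """Sender: transform the digest with the private key."""
    n, d = private_key
    return pow(digest(content), d, n)

def verify(content: bytes, signature: int, public_key) -> bool:
    """Receiver: recover the digest with the public key, re-hash, compare."""
    n, e = public_key
    return pow(signature, e, n) == digest(content)

def demo() -> dict:
    content = b"Pay 100 EUR to account 12345"        # constructed sample
    signature = sign(content, SENDER_PRIVATE)
    message = (content, signature)                   # content travels in the clear
    return {
        "genuine": verify(*message, SENDER_PUBLIC),
        "tampered": verify(b"Pay 900 EUR to account 12345", signature, SENDER_PUBLIC),
        "wrong_signer": verify(content, sign(content, OTHER_PRIVATE), SENDER_PUBLIC),
        "content_readable": message[0] == content,
    }

if __name__ == "__main__":
    print(demo())
```

With textbook RSA a signature made by the wrong key and a tampered message both surface as a digest mismatch, so the receiver treats either as a failed verification.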