What is a Digital Signature?

A digital code that can be attached to an electronically transmitted message that uniquely identifies the sender. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message really is who he or she claims to be. Digital signatures are especially important for electronic commerce and are a key component of most authentication schemes.

To be effective, digital signatures must be unforgeable. There are a number of different encryption techniques to guarantee this level of security.

How It Works

Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you.

1. You copy-and-paste the contract (it's a short one!) into an e-mail note.

2. Using special software, you obtain a message hash (mathematical summary) of the contract.

3. You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash.

4. The encrypted hash becomes your digital signature of the message. 

At the other end, your lawyer receives the message.

1. To make sure it's intact and from you, your lawyer makes a hash of the received message.

2. Your lawyer then uses your public key to decrypt the message hash or summary.

3. If the hashes match, the received message is valid.

No comments: