Understanding Digital Signatures.
The name itself suggests “Digital Signatures” are a digital equivalent of the old school signatures we have heard about since childhood.
We all know the normal signatures are “way” to prove that a document is validated and authenticated by an individual or an organization. So, simply putting “Digital Signatures” are supposed to accomplish the same process “Digitally”, since everything is digital these days why not
“A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity).”
Sounds clear enough??
A little more on the uses of Digital Signatures from Wikipedia
“Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution, financial transactions, con, and in other cases where it is important to detect forgery or tampering.”
Wikipedia gives us the exact definition but a little simpler would be better, isn’t?
Starting…
How this all works.
Digital signature works on the concept of asymmetric cryptography i.e. two keys namely a public key and private key are involved here (these can be generated using some public key algorithm like RSA).
These cryptographic keys are mathematically linked. The private key is used by the individual creating the digital signature to encrypt signature related data (the document’s data hash, which can be created using SHA2 or MD5 but actually MD5 is broken so SHA2 is a better option).
When the receiver receives the document along with the digital signature (encrypted hash of the document data), the receiver using the public key of the sender de-crypts the hash and compares this with the second computed hash of the received document data.
If both the hashes match, then the document has not been tampered with otherwise it has been tampered.
As usual, breaking it down in steps for simplicity’s sake.
1. A hash value of the document or message to be sent is created (using any hash function.)
2. This hash value is now encrypted with the sender’s private key and the digital signature is created.
3. The original document or message along with the digital signature is sent.
4. The recipient of the message upon receiving the message and the digital signature (encrypted hash created in point 2.) decrypts the digital signature with the sender’s public key.
5. The recipient now compares the decrypted hash with the computed hash of the document or message received.
6. If the hashes match, then the message is proved to be untampered and is really sent by the expected signer.
That’s about it, the above six steps basically covers the complete process of digital signing.
Please feel free to correct me or enhance my knowledge on this matter in the comments, it will be greatly appreciated.
