Digital Signature

A digital signature is a cryptographic technique for assuring message integrity. Digital signatures rely on hashing algorithms and asymmetric (public key) encryption. The essential steps in creating a digital signature are as follows:

1. Create a public/private key pair.
2. Create a message.
3. Apply a hashing algorithm to the message, creating a hash.
4. Append the hash to the message and encrypt with the sender's private key.

After the message is transmitted, message integrity is verified through these steps:

1. Obtain the sender's public key.
2. Decrypt the combined message + hash with the sender's public key.
3. Independently compute the hash of the message, using the same algorithm the sender used.
4. Compare this new hash with the sender's hash. They should be equal.

Because the sender's hash is encrypted in transit, it should not be subject to manipulation. Also, because the encryption relies on the sender's public/private key pair, the message can only come from the sender. Digital signatures, however, do not assure that the supplier of the public/private key pair for the signature is honestly representing his or her identity. For this reason, digital signatures are often supplemented with identity assurance techniques such as digital certificates.

References:

http://www.us-cert.gov/cas/tips/ST04-018.html

http://www.windowsecurity.com/articles/digital_signatures.html