Digital Signature is, as it implies, the digital equivalent of handwritten signature that carries a distinctive digital pattern to identify a person or system. The public-key cryptography is used to sign a document that would provide a non repudiation way to prove that a document is sent by the owner of the document and not tempered with in the middle. Let's see this in action -
- The process starts by generating a key-pair: public key and private key. The public key is distributed publicly to the world and private key is kept secret to the owner of the key pair. The distribution of public key is done in various way, such as: key signing party, publishing on a well known website etc.
- Now, using an one-way cryptographic hash function (e.g. MD5, SHA-1, SHA-2, etc.), the message digest or hash code is generated from the original document. Hash functions take an arbitrarily long piece of plaintext and compute from it a fixed length string
- The message digest is then encrypted using the private key and the encrypted hash code is appended to the document. This is the digital signature
- The receiver would first generate the hash code of the document using the same hash function of the sender
- The receiver decrypts the added hash code using the sender’s public key
- The receiver compares these two hash codes and if they matches, then it’s proved without doubt that the document is sent by the owner and moreover, the document wasn’t tempered in the delivery. If the two hash codes do not match, it’s an indication that either the document is not sent by the owner or it’s tempered in the communication