Digital Signature
A digital signature is a small amount of data created using a secret
(private) key. The corresponding public key can be used to verify that the
signature was really generated with that private key. The algorithm used to
generate the signature must be such that, without knowing the secret key, it
is infeasible to create a signature that would verify as valid.
Digital signatures are used to verify that a message really comes from the
claimed sender (assuming only the sender knows the secret key corresponding
to his/her public key). They can also be used to timestamp documents: a
trusted party signs the document and its timestamp with his/her secret key,
thus testifying that the document existed at the stated time.
Digital signatures can also be used to testify (or certify) that a public
key belongs to a particular person. This is done by signing the combination
of the key and the information about its owner with a trusted key.
A digital signature of an arbitrary document is typically created by
computing a message digest from the document and concatenating it with
information about the signer, a timestamp, etc. The resulting string is then
encrypted with the private key of the signer using a suitable algorithm. The
resulting encrypted block of bits is the signature. It is often distributed
together with information about the public key that was used to sign it.
To verify a signature, the recipient first determines whether it trusts that
the key belongs to the person it is supposed to belong to (using the web of
trust or a priori knowledge), and then decrypts the signature using the
public key of that person. If the signature decrypts properly and the
information matches that of the message (proper message digest etc.), the
signature is accepted as valid.
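
The creation and verification steps described above, written out as an added example that is not part of the original page. It uses unpadded RSA only to mirror the description; real systems use a padded scheme (such as RSA-PSS) from a vetted library. The key (two publicly known Mersenne primes), the block layout, and the names `sign` and `verify` are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed toy key built from two publicly known Mersenne primes.
# Illustration only: anyone can factor N, so this key protects nothing.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent

def sign(document: bytes, signer: str, timestamp: str) -> int:
    """Digest the document, append signer info, apply the private key."""
    if "|" in signer:
        raise ValueError("signer must not contain the field separator")
    digest = hashlib.sha256(document).digest()
    # Assumed layout: 0x01 marker, 32-byte digest, then "signer|timestamp".
    block = b"\x01" + digest + signer.encode() + b"|" + timestamp.encode()
    m = int.from_bytes(block, "big")
    if m >= N:
        raise ValueError("signed block does not fit under the modulus")
    return pow(m, D, N)

def verify(document: bytes, signature: int):
    """Return (signer, timestamp) if the signature matches, else None."""
    if not 0 < signature < N:
        return None
    m = pow(signature, E, N)             # "decrypt" with the public key
    block = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if len(block) < 34 or block[0] != 1:
        return None                      # did not decrypt to a valid block
    digest, info = block[1:33], block[33:]
    # Recompute the digest from the received document and compare.
    if not hmac.compare_digest(digest, hashlib.sha256(document).digest()):
        return None
    try:
        signer, timestamp = info.decode().split("|", 1)
    except (UnicodeDecodeError, ValueError):
        return None
    return signer, timestamp
```

A verified result only says that the holder of the private key signed this digest; whether that key belongs to the claimed person is the separate trust decision described above.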
A digital signature is created as follows: