The digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged.
The digital signature is a digital guarantee that information has not been modified, as if it were protected by a tamper-proof seal that is broken if the content were altered.
The two major applications of digital signatures are for setting up a secure connection to a Web site and verifying the integrity of files transmitted.
Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped.
The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.
A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact.
A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.
In cryptography, digital signatures are a method of authenticating digital information often is analogous to a physical signature on paper. Whilst there are analogies, there are also differences which can be important. The term electronic signature, although used for the same thing, has a distinct meaning: it refers to any of several, not necessarily cryptographic, mechanisms for identifying the originator of an electronic message. Commonly such electronic signatures have included cable and Telex addresses, as well as FAX transmission of handwritten signatures on a paper document.
How It Works
Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you.
You copy and paste the contract into an e-mail note.
Using special software, you obtain a message hash of the contract.
You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash.
The encrypted hash becomes your digital signature of the message. At the other end, your lawyer receives the message.
To make sure it's intact and from you, your lawyer makes a hash of the received message.
Your lawyer then uses your public key to decrypt the message hash or summary.
If the hashes match, the received message is valid