Real world analogy

A digital signature is a mathematical technique used to validate the authenticity and integrity of a document. Digital signatures create a virtual fingerprint which is unique to a user or entity to protect information in digital documents or messages. A signature confirms that the information originates from the sender and has not been altered.

Important terms?

In order to understand what a digital signature entails, we need to recap on the following terms:

i. Hash Function - This is a mathematical algorithm that generates a fixed length of numbers and letters from a file such as email, image, document, string or any other type of data. The generated string is unique for the file being hashed and it’s a one-way function - it cannot be reversed back. Popular hashing algorithms include: Secure Hash Algorithm-1(SHA-1) and Message Digest 5(MD5).

ii. Asymmetric Cryptography - This is a method of encryption used to encrypt and decrypt data using key pairs(private and public keys). The key pairs are generated using complex mathematical algorithms. For confidentiality we use public keys to encrypt and private keys to decrypt a message e.g When you want to send a message that only the recipient can read. When authenticity matters more we use private keys to encrypt data and public keys to decrypt e.g when you want to validate a message came from someone and has not been altered. These two keys are mathematically linked but not interchangeable. What one key encrypts, only the other can decrypt.

iii. Ceritificate Authority - Certificate authority is a trusted organization that acts to validate the identities of entitie such as websites, email addresses, companies, or individual persons and bind them to cryptographic keys through the issuance of electronic documents known as digital certificates.

How does a digital signature work?

In the figure above, we have two users: Alice and Bob. Alice digitally signs a file and wants to make sure that Bob can:

i) Verify the document came from her ii) Confirm that the document has not been altered during transmission.

Step by Step BreakDown.

1. Hashing the Document Alice will first hash the file. We said that a hash is a fixed-size string that uniquely represent the content of a file. In this example the generated hash is:

1
a591a6d40bf4

2. Signing the Hash

Alice then signs(encrypts) the hash using her private key. Here she will use her private key creating a digital signature. The request now contains the following:

i) The original content - Could be HTTP request payload/document/file etc ii) The digital signature - Hashed file and encrypted with private key iii) Alice’s public key or certificate for verification.

Bob Receives the Document

3. Verifying the signature. Bob receives Alice’s document and digital signature. He uses Alice’s public key to decrypt the digital signature. The decrypted text is equal to the hash. He then hashes the document sent together with the digital signature using the agreed hashing algorithm. If the hashes are equal this means: i) The document was signed by Alice and has not been tampered with. ii) The signature is valid and hasn’t been tampered with.

Conclusion

As paperless, online interactions are used more widely, digital signatures can help you secure and safeguard the integrity of your data. By understanding and using digital signatures, you can better protect your information, documents and transactions.