Digital signature: Difference between revisions

	Main Article	Discussion	Related Articles  [?]	Bibliography  [?]	External Links  [?]	Citable Version  [?]
	This editable Main Article is under development and subject to a disclaimer. [edit intro]

Template:TOC-right Digital signatures provide source authentication for online documents, messages or records, in a manner analogous to what a signature provides for a paper document.

Two cryptographic techniques are used together to produce a digital signature, a cryptographic hash and a public key cryptosystem.

The steps for the sender are as follows:

• calculate a hash or message digest from the message
• encrypt that hash with the sender's private key
• append the encrypted hash to the message as a signature

Steps for the receiver are:

• obtain the sender's public key and verify its validity
• decrypt the signature, using the sender's public key, to get the hash value; call it H₁
• hash the message body yourself to get another hash value, H₂
• compare H₁ and H₂
• if they are identical, then you know with overwhelming probability:
  • the documents signed (hash H1) and the document received (hash H2) are identical (from properties of a cryptographic hash)
  • whoever encrypted H1 knew the signer's private key (which only he should know in a public key system)
• so you can accept the signature as valid

If both the hash and the public key system used are secure, and no-one except the sender knows his private key, then the signatures are trustworthy.