Now that we know about asymmetric encryption and cryptographic hashes, we have the ingredients to build a very powerful tool: a mechanism to prove the authenticity of a message or document of any size.
The steps for creating a digital signature are simple:
1. Hash the message or document.
2. Encrypt the hash with your private key.
3. Provide your public key along with the original message and the encrypted hash.
To verify a signature:
4. Hash the original message or document.
5. Decrypt the encrypted hash with the provided public key.
6. Compare the hash from step 4 with the one obtained in step 5. If equal, the signature is valid.
Why hashing the message before encrypting it? Without going too much into detail, the two main reasons are performance gains (e.g. you only encrypt/decrypt a short hash value instead of a long text) and additional security against forging. The last point is a more advanced topic and may be covered in a future post. To visualise the process:
This method is used to sign and protect software, software updates, valuable documents, bank orders and a lot more.
You now have a pretty good idea of what digital signatures are and where they are used.