
securitywing

What is Digital Signature and How it Works?

by wing

A digital signature is the electronic equivalent of a physical signature. Just as a signature on paper authenticates the signer, a digital signature confirms the authenticity of the owner. It also ensures the integrity of the data and non-repudiation. Non-repudiation means that the sender cannot later deny having sent the message. So, if you have a digitally signed copy of a document, you can say that the sender of the document is authentic and that the data in the document has not been modified by any intruder. A digital signature therefore has three purposes:

  1. Authenticity of the source
  2. Data integrity
  3. Non-repudiation


Note: A digital signature does not provide confidentiality for a document. Data confidentiality depends on the encryption mechanism.

Practical application of a digital signature: suppose your customer regularly sends you orders for product delivery by email. Receiving an email from a particular address does not necessarily mean that the real person sent it, because email addresses can easily be spoofed (spoofing is a way of creating a forged sender address). Any intruder can therefore send you a fake email using your customer's email address. So the question is how to confirm that the real customer, and not someone with malicious intent, is sending you the email. You can be sure about the origin of an email only when you know that it has been digitally signed.

How is a digitally signed document created?

For example, computer B wants to send an email or a digital document to you, and you want it to be digitally signed so that you can confirm the source of the document. Before sending the document to you, computer B follows this process to create a digital signature:

  1. First, computer B creates a message digest from the contents of the document. A digest is a fixed-length string of characters produced by applying a mathematical function (a hashing function) to the original message. In practice every message has its own digest, which will not match the digest of any other message. If anyone alters the original message and then creates a digest, the new digest will not match the previous one. The digest stays the same only if the message remains unaltered.
  2. Once the digest is created, computer B encrypts it with its private key. This encrypted form of the digest is called the digital signature; it is attached to the original message and sent to the destination.
  3. When the message arrives at its destination, the receiver decrypts the digest using the public key of the sender. That confirms the authenticity of the sender, because the digest was encrypted with the sender's private key and can only be decrypted with the matching public key.
  4. To prove the integrity of the message, the receiving computer generates a digest from the message and compares it with the received digest. If both digests match, the message was not altered by anyone on the way.
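
The four steps above as a runnable sketch (an added example, not code from the original article), using SHA-256 and textbook RSA so that "encrypting the digest" is literal. The key pairs, function names and order text are constructed for illustration; production RSA signatures add a padding scheme, and DSA and ECDSA compute the signature differently, so real signing should go through a vetted library.

```python
import hashlib

# Constructed demo keys (assumption, not from the article): built from well-known
# Mersenne primes so the block runs offline. Publicly guessable, so never reuse.
def make_key(p: int, q: int, e: int = 65537):
    """Return (public, private) as ((e, n), (d, n))."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent
    return (e, n), (d, n)

CUSTOMER_PUB, CUSTOMER_PRIV = make_key(2**521 - 1, 2**607 - 1)
_, INTRUDER_PRIV = make_key(2**521 - 1, 2**1279 - 1)

def digest_int(message: bytes) -> int:
    """Step 1: fixed-length SHA-256 digest of the message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Step 2: transform the digest with the sender's private key."""
    d, n = private_key
    return pow(digest_int(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Steps 3 and 4: recover the digest with the public key and compare."""
    e, n = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_int(message)

def demo():
    order = b"Order #1001: ship 20 units to warehouse A"      # constructed sample
    tampered = b"Order #1001: ship 90 units to warehouse A"
    sig = sign(order, CUSTOMER_PRIV)
    return {
        "genuine": verify(order, sig, CUSTOMER_PUB),
        "altered_in_transit": verify(tampered, sig, CUSTOMER_PUB),
        "spoofed_sender": verify(order, sign(order, INTRUDER_PRIV), CUSTOMER_PUB),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The order text travels unencrypted in all three cases, which is the point of the note above: the signature proves origin and integrity, not confidentiality.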

Components of digital signature

To sign a document digitally, we require two components: public key cryptography (PKI) and a hashing algorithm.

Digital signature standard

In the USA, NIST (National Institute of Standards and Technology) specifies the standard for digital signatures, known as the Digital Signature Standard (DSS). According to this standard, all federal offices need to use SHA1 or SHA2 for hashing. The standard also specifies the following three algorithms that can be used in a digital signature:

  1. DSA: the Digital Signature Algorithm
  2. RSA: the Rivest, Shamir, Adleman algorithm
  3. ECDSA: the Elliptic Curve DSA

In simple words, a digital signature is a hash value that is encrypted with the private key of the sender and we use it to ensure data authenticity, integrity and non-repudiation.
