Introduction

Threats are everywhere in the digital world, and it is absolutely necessary to protect sensitive data. Various techniques are used to protect data, and each serves a different purpose or mitigates a specific attack. For example, encryption is used to protect data at rest or in transit so that it can be decrypted only by an entity that has the decryption key.

Say we are sending a document to a person and the intended person has received it. How can the recipient be assured that what he or she received is in its original form and that it originated from an authentic source?

In the physical world, the integrity and origin of a document are established by a physical signature or a stamp. In the digital world, a digital signature ensures the same thing.

Digital Signature

A digital signature serves as a powerful tool to validate the authenticity and integrity of a document, message or software. We can say it is the digital equivalent of a physical seal or stamp, but this digital equivalent offers far more security than the physical one.

A digital signature uses a process called signing. The sender signs the message using a key which only he possesses and attaches the generated signature to the original message.

The receiver of the message verifies the integrity using the original message, the signature and a key which is publicly available.

So, even if someone alters the data in transit, the recipient of the information would know that this has occurred because the verification will not generate the same result.

How it works

Digital signatures work on asymmetric-key cryptography, where we have two keys. The private key stays with the sender. The other key, called the public key, is freely available and is used to decrypt the data encrypted by its corresponding private key.

Sign

During the signing process, a cryptographic algorithm is applied to the document or message, generating a unique hash value. This hash value is then encrypted using the sender's private key, resulting in the digital signature. The reason for using the hash here is that hashing generates a much shorter, fixed-length value for an arbitrary input, and any change in the input results in a different hash value.

The signature is typically appended to the document or message, allowing recipients to verify its authenticity.

Verify

To verify the signature, the recipient uses the sender's public key, which is freely available. The recipient applies the same cryptographic algorithm to the document or message, generating a new hash value. They then decrypt the digital signature using the sender's public key, obtaining the original hash value. If the two hash values match, it confirms that the content has not been tampered with and that it originated from the claimed sender.