Digital Signatures

Digital signatures

Digital signatures are based on asymmetric cryptography which means – a message encrypted with one key is decrypted by a different key. Both keys in the scenario are mathematically related. So in other words – a message encrypted with public key can only be decrypted by its corresponding private key and a message encrypted with private key can only be decrypted by its corresponding public key.

In a general case a message is encrypted with public key (by the sender) and the receiver decrypts it with the private key (owned and held by him ONLY). This way all the intermediaries, even after getting hold of the message cannot decrypt as it can only be decrypted by the PRIVATE KEY (only held by the intended receiver).

In case of digital signature, the scenario is opposite. Here the intent is not encryption but rather AUTHENTICITY and INTEGRITY.  Explanation – I have a document. I make a hash out of it (called message digest). I encrypt the hash with my PRIVATE key. I send the original un-encrypted document along with the encrypted message digest. Explained with diagram below.

After receiving the pack (A and C). The receiver decrypts C (encypted hash) with his PUBLIC key. (Remember anything encrypted with PRIVATE key can be decrypted by its corresponding PUBLIC key and vice-versa).

If the decryption is successful then the authenticity of the sender is established as ONLY the SENDER had the private key.

Then the receiver hashes the original message and compares it with the decrypted hash (above step). If they are same it means the message is not tampered. Hence integrity is also established.

In the above process C (Hash encypted with PVK) is called the DIGITAL SIGNATURE.