Let’s talk about how to make a Digital Signature. How can we be sure that a digitally signed document is indeed from the right person? To understand that let’s see how it works.
So to make a digital signature you need:
- asymmetric key pair — two keys, 1st secret which can only encrypt, 2nd public which can only decrypt
- certification authority where you could check if a given public key is from the sender,
- hashing function which can make from big documents a relatively small but unique identifier called digest or hash.
To sign the document you need to:
- make a digest with a hash function for it
- encrypt only generated digest with private key and make the signature
- send the document with the signature and your public key
The receiver to verify the signature can:
- generate the digest separately
- decrypt the signature
- compare generated digest with decrypted one — if they are matching then the signature is confirmed.
Why we can be sure of the signature:
- unique digest ensures the integrity of the document- if someone changes the document in the middle the digest will not be the same,
- asymmetric key pair is given by the certification authority so only the right person can have the private key and the public key could be confirmed there too,
- and last but not least, encrypting process could be done only by the private key owner — if it would be different the decrypted digest would not match the generated one.
And that’s the whole story! Any questions or doubts?