Digital Signature
A digital signature is a cryptographic mechanism that proves a piece of data was created by a specific party and has not been altered since it was signed, using asymmetric key pairs to provide authenticity, integrity, and non-repudiation.
Definition
A digital signature is a cryptographic mechanism that proves a piece of data was created by a specific party and has not been altered since it was signed, using asymmetric key pairs to provide authenticity, integrity, and non-repudiation.
Overview
To create a digital signature, the signer first computes a Hashing Algorithm of the data, then encrypts that hash with their private key using Asymmetric Encryption. Anyone with the signer's public key can decrypt the signature to recover the original hash, independently hash the received data themselves, and compare the two — if they match, the data is verified to be authentic and unaltered. Because only the holder of the private key could have produced a valid signature, digital signatures also provide non-repudiation: the signer cannot credibly deny having signed the data. This makes them foundational to software distribution (verifying that a downloaded package hasn't been tampered with), TLS certificates (a Certificate Authority digitally signs a website's certificate to vouch for its identity), legally binding electronic document signing, and blockchain transactions. Digital signatures are a core building block of Public Key Infrastructure (PKI), which manages the certificates and trust relationships that make signature verification meaningful at internet scale.
Key Concepts
- Combines hashing and asymmetric encryption to prove authenticity and integrity
- Signer uses their private key; anyone can verify with the signer's public key
- Provides non-repudiation — the signer cannot credibly deny signing
- Detects any tampering with the signed data after signing
- Underpins TLS certificates, software package verification, and e-signatures
- Core building block of Public Key Infrastructure (PKI)