Digital Signatures is a type of mathematical techniques used to authenticate something. They are based on public key cryptography, where a user has a public key and a private key. When a user signs something with his private key, it is possible to use the public key to verify that the actual signature was done by somebody in possession of the private key. In a correct system, finding the private key from the public key as well as signing something without the private key is considered computationally infeasible.

Most digital signature schemes are based on public key encryption, and is done according to the description in Z0z' entry, with the caveat that the hash used has to be a secure hash. However, there do exist schemes that are not based on directly on a cryptosystem - DSA, an algorithm made by the US government to be able to sign but not encrypt, comes to mind.

There exists a special type of digital signature called a blind signature, where the possessor of a private key signs data without knowing what it is, and without later being able to verify that any particular piece of data was signed at a particular time. This plays a significant role in most digital cash schemes.

I disagree with Z0z on digital signatures being of little value without certificates. There are many cases where some form of certificate is useful, but this is not true in anywhere near all cases.

In the PGP world, certificates are done without any central certificate authority, instead relying on a web of trust (where each person effectively act as a certificate authority.)

In this plain English explanation of digital key signatures I will be making reference to examples and terms mentioned in my writeup of public key cryptography, so you may want to look at that first, especially if you are unfamiliar with the system. The technical explanation is in normal style text and the metaphorical example is in italics

So Bob has just recieved an email encrypted with his public key. He decrypts it and finds that it is a love letter from his friend Sue--she wants to take their relationship to the next level. Bob starts to get excited, but then has a terrible thought--what if the mail isn't really from Sue, what if it is from Eve, forging the email?

For an image you can think of Bob recieving an envelope with his lock on it, he opens it with his key and finds a message. He looks at the signature and compares it with others he already has but he isn't really sure if they match up, so he gets paranoid.

So how can Bob be sure it really is Sue? He can ask Sue to resend the message, but ask her to digitally sign it:

  1. Sue writes her profession of love in an email. She then digitally signs it by encrypting it with her private key. Normally what would happen is she would take Bob's public key (a really big string of data) and mix it in a special way with her email such that the only way of reading the email is by having the private key to decode it. Here what is happening is the opposite--kinda. Here she is taking her private key and mixing it (in the same special way) with her email, such that anyone with her public key can decrypt it. This means anyone can decrypt it, so it is a poor form of protection, but because the only way it could have been encrypted was with Sue's private key, Bob knows it must be Sue sending it.

    Sue makes a private set of locks that automatically unlock when they come in contact with one of her public locks. She writes her letter, she then seals it with one of these private locks, and then sends it to Bob. Bob recieves the mail and opens it using Sue's public lock and can be certain it was really Sue who sent the message.

  2. Now that Sue has digitally signed her message she then encrypts it with Bob's public key and sends it to him.

    She takes this envelope she has already locked with her private lock and tosses it in another envelope and seals it with Bob's public lock (from his public locker) and drops it in the mail.

  3. Bob receives the email, decrypts it using his private key, decrypts the signature using Sue's public key, and swoons--Sue really does love him!

    Bob gets the bulky envelope from Sue. He unlocks his public lock with his private key. He then grabs one of Sue's public locks and touches it to the lock on the inner envelope--it opens. He reads the message, and swoons!

Log in or register to write something here or to contact authors.