Digital Signature

A digital signature is a special file that can be used to confirm the identity of the owner or sender of an electronic document, and to guarantee that the original content of the document that has been sent has not changed since its generation. A signature can be generated on any type of message or file.

Digital signatures provide at least three very important services:

• Authentication: assurance that the owner/sender of the file is who he says he is
• Integrity: assurance that the file has not changed
• Non-repudiation: the sender/author can not deny that he/she generated the file

Digital signatures use asymmetric encryption. In this scheme, a user has two keys: one public, to be distributed freely, and the other private, to be kept secret. For each private key there is one unique public key. A sender uses a private key and a signing algorithm (also publicly known) to sign a file. After the file has been signed, he sends it along with the signature, to the receiver. The receiver, in turn, will use the public key of the sender (that he has acquired beforehand) and a verification algorithm on the signature. If he is able to recover the document, it is guaranteed that the originator of the signature is really the sender.

Normally the sender does not generate the signature based on the whole document. Instead, a “digital digest” is generated over the document, and it is this digest that is signed. A digital digest is a unique, small file that results from a cryptographic function (called a “hash function”) on the document. The recipient gets the document and the signature, generates the digest on the document, and uses the public key of the sender in the signature. If he gets the same digest he was sent, he can be sure that the file is from its stated sender, and that it has not changed since its generation.