Digital signatures in a nutshell
To understand digital signatures we first need to know about asymmetrical encryption. This method of encryption uses a pair of keys as opposed to traditional encryption where there is only one key. RSA is one of the most used asymmetrical encryption technique.
What is and why did we invent asymmetrical encryption?
Let’s say that you want to send an encrypted message to someone using traditional encryption, in that case both parties need to agree on one key. You can’t send it to each other because then there is the possibility of someone seeing it, in that case they can see all of the messages you send. This was actually how we sent hidden messages until the 1970s. It was at this time we invented asymmetrical encryption and it’s still used everywhere today.
Asymmetrical encryption uses a pair of keys, a public and private key that mathematically belongs together. What is encrypted with the public key can only be decrypted with associated private key. Now if anyone wants others to send encrypted messages to themselves, they simply give out their public key for everyone to see. When they receive a message they simply use their private key to decrypt it, as messages encrypted with their public key can only be decrypted with their private key. But everything is based on keeping the private key secure. This turns out to be very valuable as we don’t have to worry about one key that needs to be shared in a safe way.
In short, this is how hidden messages is sent between two parties:
- The two parties give each other their public keys.
- Person 1 uses person 2's public key to encrypt the message they want to send and sends it to person 2.
- Person 2 uses their private key to decrypt the message.
Another term for asymmetrical encryption is public-key cryptography.
How is asymmetrical encryption used for digital signatures?
It is not only used for secure communication, but also for digital signatures, for instance electronic identification (eID) and signing documents. In short digital signatures work by signing (encrypting) something with a private key which is later verified by the associated public key. This builds on the fact that the signer is the only one who has access to the private key with which the signature was created, so you can be sure it was this person who signed.
Example: Digital signing of a document
Let’s say John needs to sign a document. He starts with creating a hashed value of the document using for instance the SHA-256 algorithm. Then he signs (encrypts) the hashed value with his private key and adds the result to the document, the result is the signature. Now another part wants to verify that is was really John who signed the document. This is done by decrypting the signature with John’s public key and comparing the result to a once again hashed value (with the same SHA-256 algorithm) of the document. The signature is valid if the two hashed values is the same.
Why do we create a hashed value of the document before signing it? Simply because it makes it easier to compare the final result when you want to verify the signature. So instead of comparing the whole document we only need to compare the hashed values. It works by the fact that hash algorithms always generate a unique value with a fixed length.
Benefits of digital signatures
- A digital signature is basically impossible to fake if you don’t have access to someone’s private key.
- You can be sure that the content of a document has not been tampered with after signing, due to the original state of the document being “embedded” into the signature.
I will not go through the algorithm behind RSA encryption in this post because I don’t think it’s necessary to understand the basics of digital signatures.