Digital signatures in a nutshell

To understand digital signatures we first need to know about asymmetrical encryption. This method of encryption uses a pair of keys as opposed to traditional encryption where there is only one key. RSA is one of the most used asymmetrical encryption technique.

What is and why did we invent asymmetrical encryption?

Asymmetrical encryption uses a pair of keys, a public and private key that mathematically belongs together. What is encrypted with the public key can only be decrypted with associated private key. Now if anyone wants others to send encrypted messages to themselves, they simply give out their public key for everyone to see. When they receive a message they simply use their private key to decrypt it, as messages encrypted with their public key can only be decrypted with their private key. But everything is based on keeping the private key secure. This turns out to be very valuable as we don’t have to worry about one key that needs to be shared in a safe way.

In short, this is how hidden messages is sent between two parties:

  1. The two parties give each other their public keys.
  2. Person 1 uses person 2's public key to encrypt the message they want to send and sends it to person 2.
  3. Person 2 uses their private key to decrypt the message.

Another term for asymmetrical encryption is public-key cryptography.

How is asymmetrical encryption used for digital signatures?

Example: Digital signing of a document

Why do we create a hashed value of the document before signing it? Simply because it makes it easier to compare the final result when you want to verify the signature. So instead of comparing the whole document we only need to compare the hashed values. It works by the fact that hash algorithms always generate a unique value with a fixed length.

Benefits of digital signatures

  • A digital signature is basically impossible to fake if you don’t have access to someone’s private key.
  • You can be sure that the content of a document has not been tampered with after signing, due to the original state of the document being “embedded” into the signature.

I will not go through the algorithm behind RSA encryption in this post because I don’t think it’s necessary to understand the basics of digital signatures.

Thank you for reading!



I write about things I learn and find interesting

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store