Intro
Digital signatures are akin to a handwritten signature and are an electronic verification of the sender of a message. Signatures are ubiquitous in modern internet authentication and are built upon the concept of public key encryption. If you don’t know what that is, check out my article on the topic!
Digital Signature
Digital signatures serve 3 main purposes:
- Authentication: Allows a message receiver to know that a message was created and sent by the claimed sender.
- Non-repudiation: The message sender cannot deny sending the message.
- Integrity: Ensures a message was not altered in transit.
Signatures are used where we want to know that some sensitive data was not forged or altered in transport. Emails are commonly digitally signed.
When signing messages, you must do so with a private key. Only the sender of the message should have this key. With it, we can create a signature that we attach to the message. The receiver can use the public key that you have made available to verify the signature and confirm that it was you who sent it. This may sound similar to public key encryption, so let's clear up any confusion.
Disclaimer❗- Digital signatures do not encrypt messages; they are a piece of data within a message that can give a guarantee about who sent the message.
Signatures are more concerned with verifying the identity of a sender than encrypting and securing a message.
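To make the sign-then-verify flow concrete, here is an added example (not part of the original article): textbook RSA over a SHA-256 digest, using only Python's standard library. The keys are constructed toy values built from well-known primes and there is no padding, so this is for illustration only; real systems use a vetted library with a scheme such as RSA-PSS or Ed25519. The function names are assumptions of this example.

```python
import hashlib

# Constructed toy key built from two Mersenne primes. Illustration only.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to the signer


def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signer: apply the private exponent to the message digest."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Receiver: apply the public exponent and compare with a fresh digest."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(message)


def demo() -> dict:
    message = b"Pay Bob 10 GBP"      # constructed sample message
    signature = sign(message)
    # A second, unrelated constructed key pair, standing in for an impostor.
    p2, q2 = 2**127 - 1, 2**255 - 19
    n2 = p2 * q2
    d2 = pow(E, -1, (p2 - 1) * (q2 - 1))
    return {
        "message_sent_in_clear": message,   # signing did not encrypt anything
        "genuine": verify(message, signature),
        "altered": verify(b"Pay Bob 1000 GBP", signature),
        "impostor": verify(message, sign(message, d2, n2)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only the genuine case verifies: changing the message breaks integrity, and a signature made with a different private key fails authentication against the sender's public key.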