Digital signature

In asymmetric encryption, the sender and the recipient, each has a pair of keys, a public key and a private key. The public key and private key are mathematically linked together. If a message is encrypted with one, the other one and only the other one can be used to decrypt the message. The sender encrypts the confidential message with the recipient's public key and then sends the message to the recipient. The recipient decrypts the message with his own private key. The pair of keys can be used another way round. When it is important to verify who the sender is, the sender can encrypt the message with his/her private key, and the recipient can decrypt the ciphertext with the sender's public key. Remember that only the sender's public key can be used to decrypt the message. Therefore, used this way, the message has a digital signature identifying the sender.

As described above, digital signature is used to identify the sender. It is not important if someone else has read the message. The recipient just wants to be sure that the message is from the sender who claims who he/she is and the message is not changed in transit.

The drawback is that the whole message is encrypted. An alternative is to use a one-way hash function. The function creates a unique number from the message, called digest or hash value. The digest is much shorter than the original message. One-way means that the original message can NOT be get from the digest. The hash function works in such a way that even a tiny change in the original message would result in a completely different digest. The sender encrypts the digest with his/her private key and then send the message and the encrypted digest together to the recipient. When the recipient gets the message, which contains the original message and the encrypted digest, he/she hashes the original message again to get a digest, and decrypt the encrypted digest using the sender's public key. He/She then compare the hashed digest to the decrypted digest. If they are the same, the recipient can be sure that the message is from the one who claims he is and the message has not been changed in transit.

Currently, the most commonly used hash function is SHA256.

It is possible that an attacker can pretend to be the sender and start the conversation from the start. The attacker can use his/her computer to generate a pair of keys and give the public key to the recipient, and then generate a fake message, hash it, send it with his/her digital signature to the recipient. So, how can the recipient really be sure that he/she is communicating with the real sender?  We'll talk about it later.