# Digital Signatures ## What is a Digital Signature A digital signature is a cryptographic mechanism that provides authentication, integrity, and non-repudiation for digital messages and documents. A digital signature proves that a message or document was created by a specific entity and has not been altered since it was signed. It is the digital equivalent of a handwritten signature or a wax seal, but provides much stronger security guarantees. Digital signatures are used for signing software to verify it has not been tampered with, authenticating email, signing legal documents electronically, and validating certificates in public key infrastructure. ## How Digital Signatures Work Creating a digital signature involves two steps. First, a cryptographic hash function is applied to the message to produce a fixed-size digest that uniquely represents the message content. Second, the hash digest is encrypted with the signer's private key to produce the signature. The signature is attached to the message. The original message is sent unencrypted alongside the signature. To verify the signature, the recipient decrypts the signature using the signer's public key to recover the hash digest, then independently computes the hash of the received message, and compares the two hash values. If they match, the signature is valid, proving the message came from the owner of the private key and has not been altered. ## Properties of Digital Signatures Authentication means the signature proves the message came from the entity that owns the private key used to create the signature. This proves the identity of the signer. Integrity means if the message is altered in any way after signing, even a single bit change, the hash values will not match and the signature verification will fail. Non-repudiation means the signer cannot later deny having signed the message because only they have the private key needed to create the signature. ## Hash Functions in Digital Signatures Hash functions used in digital signatures must be cryptographically secure. They must be one-way, meaning it is computationally infeasible to find the original data from its hash. They must be collision resistant, meaning it must be computationally infeasible to find two different inputs that produce the same hash output. SHA-256 and SHA-3 are the current recommended hash algorithms for digital signatures. MD5 and SHA-1 are deprecated because of discovered vulnerabilities. ## Public Key Infrastructure For digital signatures to be useful in practice, there must be a way to verify that a public key truly belongs to the entity it claims to represent. Public Key Infrastructure or PKI provides this through digital certificates issued by trusted Certificate Authorities. A certificate binds a public key to an identity and is signed by the Certificate Authority. Web browsers come with a pre-installed list of trusted Certificate Authorities, enabling them to validate certificates for HTTPS websites.