You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
A **digital signature** is an object that can be used to {{glossary("authentication", "authenticate")}} the author of a document or message.
Digital signatures are usually based on {{glossary("public-key cryptography")}}, in which a key is created as a pair of keys, with the property that if some input is encrypted with one key, it can only be decrypted with the other key, and vice versa.
The creator of the key pair then makes one of the keys public and keeps the other one private. To sign a document, the key pair's owner creates a {{glossary("hash")}} of the document and encrypts it with the private key.
They send the document and the signature to the verifier, who hashes the document, then retrieves the public key and decrypts the signature: if this matches the hash then the signature has been verified, and the verifier can be confident that the signature was created by an entity with access to the private key.
The security of a digital signature system depends (among other things) on:
- The private key's owner keeping it safe: if other entities can access the private key, they can impersonate the owner.
- The public key used by the verifier being the genuine counterpart of the owner's private key: if an attacker could trick the verifier into trusting the wrong public key, they could impersonate the owner.
Verifiers often use {{glossary("digital certificate", "digital certificates")}} to check that public keys are genuine.
