What is a Digital Signature?
A digital signature is a mathematical scheme for verifying the authenticity of a digital message. If a recipient wants to be sure that a digital message was indeed sent by the claimed sender and was not modified after it was sent, then the sender needs to digitally sign the message.
Why do we need a Digital Signature?
We know that if a sender wants to send a sensitive message to someone so that no unauthorized third party can read it, then the sender needs to encrypt the message. There are two types of encryption: symmetric-key encryption and public-key encryption.
In symmetric-key encryption, the same secret key is used for both encryption and decryption. So, if Alice wants to encrypt and send a message to Bob using symmetric-key encryption, then Alice and Bob need to share the secret key in a secure way.
But sharing a secret key may not always be convenient, because the Internet is unsecured by default. In that case, we can use public-key encryption.
In public-key encryption, two different keys are used for encryption and decryption. A user first needs to generate two different keys, called the public key and the private key. The private key is kept secret and the public key can be shared with others. If a message is encrypted with the public key, then it can be decrypted with the corresponding private key and vice versa.
So, if Alice wants to send an encrypted message to Bob using public-key encryption, she can do so easily. Alice needs to encrypt the message using the public key of Bob and send it across. Bob can decrypt and read the message using his private key.
Because the private key is known only to Bob, no one other than Bob can decrypt and read the message sent by Alice. But there is a problem here. Bob’s public key is public, and anyone can use it to send an encrypted message to Bob. So, how can Bob be sure that the encrypted message was indeed sent by Alice and that it was not modified after it was sent?
Using only encryption, it is difficult to verify the authenticity of a digital message. That is why we use a digital signature.
How does Digital Signature work?
A digital signature is made using the private key of a user. So, if Alice wants to digitally sign a message, she can do so using her private key and send the message to Bob. Bob can verify the digital signature using the public key of Alice.
Because the private key of Alice is known only to Alice, no one other than Alice can digitally sign the message. And, …
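The sign-with-private-key, verify-with-public-key flow described above, as an added example that is not part of the original article. It assumes Ed25519 from the Go standard library as the signature algorithm (the article does not name one); the message text and the second signer "mallory" are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// KeyPair holds one user's Ed25519 keys. Only Public is ever shared.
type KeyPair struct {
	Public  ed25519.PublicKey
	Private ed25519.PrivateKey
}

// NewKeyPair generates a fresh key pair from the OS random source.
func NewKeyPair() (KeyPair, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return KeyPair{Public: pub, Private: priv}, err
}

// Sign is Alice's step: it requires her private key.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// Verify is Bob's step: it requires only Alice's public key.
// Malformed key or signature lengths are rejected instead of panicking.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	alice, errA := NewKeyPair()
	mallory, errM := NewKeyPair() // hypothetical third party with her own keys
	if errA != nil || errM != nil {
		panic("key generation failed")
	}
	msg := []byte("Pay Bob 100 USD") // constructed sample message
	sig := Sign(alice.Private, msg)

	fmt.Println("genuine message:       ", Verify(alice.Public, msg, sig))
	fmt.Println("modified after signing:", Verify(alice.Public, []byte("Pay Bob 900 USD"), sig))
	fmt.Println("signed by someone else:", Verify(alice.Public, msg, Sign(mallory.Private, msg)))
	fmt.Println("truncated signature:   ", Verify(alice.Public, msg, sig[:32]))
}
```

Only the first check succeeds: a changed message, a signature made with a different private key, and a malformed signature all fail verification against Alice's public key.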