Digital Signature example using OpenSSL
What is a digital signature? This walkthrough demonstrates how to create a private key, public key, digitally sign a document, and verify.
A digital signature and signing are critical concepts in cryptography and information security.
Digital Signature:
- A digital signature is a cryptographic equivalent of a handwritten signature or stamped seal, but it offers much more inherent security. A genuine digital signature provides proof of the origin, identity, and status of an electronic document, transaction, or message and confirms the signer’s consent.
- It is created using a private key; anyone can verify the signature using the corresponding public key. If the document changes after signing, the digital signature will become invalid.
- Digital signatures are based on public key cryptography, also known as asymmetric cryptography. This system uses a pair of mathematically related keys: a public key, which is open to the public, and a private key, which remains confidential to its holder.
Signing (in Cryptography):
- Signing refers to applying a digital signature to a document, message, or transaction.
- To sign a document digitally, the signer first creates a hash or digest of the document (using a hash function). This hash is then encrypted using the signer’s private key to make the digital signature. The original copy and its digital signature are then sent to the recipient.
- To verify the document’s authenticity, the recipient decrypts the digital signature using the sender’s public key, obtaining the hash. They then hash the received document and compare the two hashes. The signature (and the paper) are considered genuine if they match.
Advantages of Digital Signatures:
- Authentication: It confirms the signer’s identity.
- Integrity: It ensures the content wasn’t altered after the signer signed it.
- Non-repudiation: The signer cannot deny the authenticity of their signature.
In the digital world, digital signatures are vital in establishing trust, especially in tasks like software distribution (to ensure the software hasn’t been tampered with), document verification, and electronic transactions.