This section describes the digital signature of a digital document. A digital signature is the message digest of the document encrypted by sender's private key. Receiver can decrypt the digital signature with sender's public key and compare it with the message digest of the received document.
In earlier part of the book, we discussed one important application area of the PKI (Public Key Infrastructure) technology.
That is the HTTPS (Hypertext Transfer Protocol Secure) to provide encrypted communication and secure identification
of Web servers.
Now we can look at another application area of the PKI technology, digital signature.
What Is Digital Signature?
I like the definition from wikipedia.org:
"A digital signature or digital signature scheme is a mathematical scheme for demonstrating
the authenticity of a digital message or document. A valid digital signature gives a recipient
reason to believe that the message was created by a known sender, and that it was not altered in transit."
The digital signature scheme is shown in this picture from globus.org:
The diagram shows you that:
The sender must have a private-public pair.
The sender generates a digital signature, shown as the Encrypted Message Digest in the picture, using the private
key and a message digest of the original document.
The receiver decrypts the digital signature using the sender's public key and compares with the message digest
of the received document.
The receiver knows that received document has been tampered with by a third party if the message digest
does not match the decrypted digital signature.
Note that the picture above only verifies the integrity of the received document. It does not cover the verification
of sender's identity. See next section for details on this.