| Why do we need digital signatures? Explain how the digital signature works? How can a digital signature ensure that a message is not being tampered with since it origination to the point of delivery? Explain how the public key and private key function is used in digital signatures to ensure the integrity and non repudiation of a message. |
A digital signature is different from digital certificate. It is a mathematical system for showing the authenticity or legitimacy of a digital message or a document. It is a mathematical method used to authenticate or validate the integrity and authenticity of software, digital document, or message. Digital signatures are often applied for software distribution.
A digital signature can provide extra guarantee of proof to origin, status, and identity of an electronic document, message or transaction, including allowing learned permission by the signer. A digital signature is based on public key cryptography or known in other terms as asymmetric cryptography. With the use of a public key algorithm like RSA, you can produce 2 keys that are linked mathematically where one is private and the other is public.
To produce a digital signature, the signing software like an email program will make a one-way hash of the electronic data to be signed. The generated private key will then be used to encrypt the hash. The resulting encrypted hash together with other information like the hashing algorithm will be the digital signature.
The reason why the hash is encrypted instead of the entire message or the document is because a hash function is able to convert a random input into a permanent length value which normally is much shorter. This conserves time given that hashing is greatly faster than signing.
