A digital signature is a data that comes with a message to prove to the receiver B that the message was in fact sent by the expected sender A.
It has 3 main features:
Proofs that the message was in fact signed by the expected entity A.
Once only A knows its private key, B knows that A signed the message.
The entity A cannot deny that it signed the message, once only A has access to its private key.
B must be sure that the message was not changed/tampered during transmission.
If a message is digitally signed, any change in the message after the signature invalidates the signature.
A common type of digital signature uses pairs of public and private keys.
The digital signature scheme tipically consists on these 3 steps:
1. Selection of a private key and its corresponding public key
2. A signing algorithm that, given a message and private key, produces a signature
3. A signing algorithm that, given the message, public key and signature, either accepts or rejects the message's claim of authenticity
A digital signature based on hash functions is used when there's no need for privacy (e.g. a party wants to share a document).
Nothing better to explain than an example:
- Alice generates the digest (hash of data) with an algorithm such as SHA-1, for example
- Encrypts the digest with her private key
- Sends the message with the signature to Bob
- Bob receives the message and the signature. The signature consists of the digest encrypted with Alice's private key
- To make sure Alice is the sender, Bob decrypts the digest with Alice's public key. Authentication is verified
- Bob now must be sure of the integrity of the message. He generates a new digest with the same SHA-1 algorithm
- If the two digests match, the message was not changed
Digital signature (Wikipedia): here
Public key cryptography (Wikipedia): here