A digital signature is a data that comes with a message to prove to the receiver B that the message was in fact sent by the expected sender A. It has 3 main features: Authentication: Proofs that the message was in fact signed by the expected entity A. Once only A knows its private key, B knows that A signed the message. Non-repudiation: The entity A cannot deny that it signed the message, once only A has access to its private key. Integrity: B must be sure that the message was not changed/tampered during transmission. If a message is digitally signed, any change in the message after the signature invalidates the signature. A common type of digital signature uses pairs of public and private keys. The digital signature scheme tipically consists on these 3 steps: 1. Selection of a private key and its corresponding public key 2. A signing algorithm that, given a message and private key, produces a signature 3. A signing algorithm that, given the message, public key and signature, either accepts or rejects the message's claim of authenticity A digital signature based on hash functions is used when there's no need for privacy (e.g. a party wants to share a document). Nothing better to explain than an example: - Alice generates the digest (hash of data) with an algorithm such as SHA-1, for example - Encrypts the digest with her private key - Sends the message with the signature to Bob - Bob receives the message and the signature. The signature consists of the digest encrypted with Alice's private key - To make sure Alice is the sender, Bob decrypts the digest with Alice's public key. Authentication is verified - Bob now must be sure of the integrity of the message. He generates a new digest with the same SHA-1 algorithm - If the two digests match, the message was not changed More details: Digital signature (Wikipedia): here Public key cryptography (Wikipedia): here