A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. The digital equivalent of a handwritten signature or stamped seal, a digital signature offers far more inherent security, and it is intended to solve the problem of tampering and impersonation in digital communications.

##### How digital signatures work

Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm, such as RSA, one can generate two keys that are mathematically linked: one private and one public.

Digital signature technology requires all the parties to trust that the individual creating the signature has been able to keep their own private key secret. If someone else has access to the signer’s private key, that party could create fraudulent digital signatures in the name of the private key holder.

To understand this better let’s take an practical E.g.

**Bob** has two keys. One of Bob’s keys is called a Public Key, the other is called a Private Key.

Bob’s Public key is available to anyone who needs it, but he keeps his Private Key to himself. Keys are used to encrypt information. Encrypting information means “scrambling it up”, so that only a person with the appropriate key can make it readable again. Either one of Bob’s two keys can encrypt data, and the other key can decry-pt that data.

Susan (shown below) can **encrypt** a message using Bob’s Public Key. Bob uses his **Private** Key to decrypt the message. Any of Bob’s coworkers might have access to the message Susan encrypted, but without Bob’s Private Key, the data is worthless.

With his private key and the right software, Bob can put digital signatures on documents. Bob’s software will crunch down the data into just a few lines by a process called “**hashing**“. These few lines are called a message digest. (It is not possible to change a message digest back into the original data from which it was created.)

To understand this better, Let’s say the content of email is simple string “**Hello**“. Next the software generate the hash value “**5d41402abc4b2a76b9719d911017c592**” for this string. Now using the private key Bob Encrypt this hash and place on the original document. This encrypted hash is also called digital signature.

Note HASH value of string **Hello** is always be same no matter who is generating it.

Bob now Pass this document to Pat.

Now Pat has a public key, She can decrypt signature signed by private key (Its possible both ways). She will 1) Decrypt the signature and thus get the original hash 2)Her software will now create HASH of the document (string hello in this case) and match the two. If both match Pat will know signed data has not been changed.