Digital Signature
A digital signature is a cryptographic mechanism that uses asymmetric key pairs to verify the authenticity, integrity, and non-repudiation of a digital message or document.
Digital signatures work by having the signer create a hash of the message and then encrypt that hash with their private key. The recipient can then decrypt the signature using the signer's public key and compare the result against their own hash of the message. If the hashes match, the signature is valid, confirming that the message was sent by the claimed sender and has not been altered in transit.
Common digital signature algorithms include RSA-PSS, ECDSA (Elliptic Curve Digital Signature Algorithm), and EdDSA (Edwards-curve Digital Signature Algorithm). EdDSA, particularly the Ed25519 variant, has gained popularity due to its strong security properties, fast performance, and resistance to implementation pitfalls that have affected ECDSA (such as nonce reuse vulnerabilities).
Digital signatures are fundamental to many security systems. They authenticate TLS certificates, ensuring you are connecting to the legitimate server. They verify software updates and package integrity, preventing supply chain attacks. They secure email communications through S/MIME and PGP. They also underpin code signing, which ensures that executable code has not been tampered with. For digital signatures to provide meaningful security, the underlying hash function must be collision-resistant and the private key must be securely stored, ideally in a hardware security module (HSM) for high-value signing operations.