DEFINITION
digital signature 
A digital signature is the digital equivalent of a handwritten signature or stamped seal, but it offers far more inherent security and is intended to solve the problem of tampering and impersonation in digital communications. Digital signatures can provide added assurance of the origin, identity and status of an electronic document, transaction or message, and can acknowledge informed consent by the signer.
In many countries, including the United States, digital signatures have the same legal significance as the more traditional forms of signed documents. The United States Government Printing Office publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures.
How digital signatures work
Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm such as RSA, one can generate two keys that are mathematically linked: one private and one public. To create a digital signature, signing software (such as an email program) creates a one-way hash of the electronic data to be signed. The private key is then used to encrypt the hash. The encrypted hash -- along with other information, such as the hashing algorithm -- is the digital signature. The reason for encrypting the hash instead of the entire message or document is that a hash function can convert an arbitrary input into a fixed-length value, which is usually much shorter. This saves time, since hashing is much faster than signing.
The value of the hash is unique to the hashed data. Any change in the data, even changing or deleting a single character, results in a different value. This attribute enables others to validate the integrity of the data by using the signer's public key to decrypt the hash. If the decrypted hash matches a second computed hash of the same data, it proves that the data hasn't changed since it was signed. If the two hashes don't match, the data has either been tampered with in some way (integrity) or the signature was created with a private key that doesn't correspond to the public key presented by the signer (authentication).
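The hash-then-sign flow and both failure cases described above, as an added example that is not part of the original article. It uses textbook RSA without padding and constructed keys built from well-known Mersenne primes, so it is for illustration only; deployed systems use padded schemes such as RSASSA-PSS. All function and variable names are assumptions of this example.

```python
import hashlib
from math import gcd

E = 65537                                  # common RSA public exponent
ALLOWED_ALGS = {"sha256", "sha512"}        # verifier pins the hashes it accepts

def make_keypair(p, q):
    """Build a textbook RSA key pair from two primes (teaching only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(E, phi) == 1
    return (n, E), (n, pow(E, -1, phi))    # (public key, private key)

# Constructed demo keys from Mersenne primes: trivially factorable,
# so they must never be used as real keys.
ALICE_PUB, ALICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, _ = make_keypair(2**127 - 1, 2**1279 - 1)

def digest_int(data, alg):
    """One-way hash of the data, as an integer smaller than the modulus."""
    return int.from_bytes(hashlib.new(alg, data).digest(), "big")

def sign(data, private_key, alg="sha256"):
    """Hash the data, then apply the private key to the hash."""
    n, d = private_key
    return {"alg": alg, "sig": pow(digest_int(data, alg), d, n)}

def verify(data, signature, public_key):
    """Recover the signed hash with the public key and compare it
    with a freshly computed hash of the data that was received."""
    if signature["alg"] not in ALLOWED_ALGS:
        return False                       # refuse a downgraded hash algorithm
    n, e = public_key
    recovered = pow(signature["sig"], e, n)
    return recovered == digest_int(data, signature["alg"])

def demo():
    msg = b"Pay Bob 100 EUR"               # constructed sample message
    sig = sign(msg, ALICE_PRIV)
    return {
        "intact": verify(msg, sig, ALICE_PUB),                    # hashes match
        "tampered": verify(b"Pay Bob 900 EUR", sig, ALICE_PUB),   # integrity failure
        "wrong_key": verify(msg, sig, OTHER_PUB),                 # authentication failure
    }

if __name__ == "__main__":
    print(demo())
```

Because the hash algorithm travels with the signature, the verifier checks it against its own allow-list instead of trusting whatever the sender declares.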
A digital signature can be used with any kind of message -- whether it is encrypted or not -- simply so the receiver can be sure of the sender's identity and that the message arrived intact. Digital signatures make it difficult for the signer to deny having signed something (non-repudiation) -- assuming their private key has not been compromised -- as the digital signature is unique to both the document and the signer, and it binds them together. A digital certificate, an electronic document that contains the digital signature of the certificate-issuing authority, binds together a public key with an identity and can be used to verify a public key belongs to a particular person or entity.
Figure: Digital signature process. If the two hash values match, the message has not been tampered with, and the receiver knows the message is from the sender.
Most modern email programs support the use of digital signatures and digital certificates, making it easy to sign any outgoing emails and validate digitally signed incoming messages. Digital signatures are also used extensively to provide proof of authenticity, data integrity and non-repudiation of communications and transactions conducted over the Internet.
Margaret Rouse asks:
How can digital signatures be more widely used to improve the security of email, which is still one of the dominant forms of communication in the world today?
This was last updated in November 2014
Join the conversation 15 comments
[-] Genderhayes - 19 Mar 2014 6:30 PM
What about cybercriminals develop B mining malware
Reply
[-] Genderhayes - 19 Mar 2014 6:38 PM
authentication code used especially in email which can be used as a traditional written signature cannot be forged because the signature is created with a sender's secret key verified afterward too
Reply
[-] Sunny22 - 10 May 2014 12:32 AM
Digital signatures are based on standards and cannot be forged. With time, algorithms used to create digital signatures become stronger, making them difficult to break. Digital timestamp ensures the time for a digital data. There are some third party trusted TSAs, you can get more information at tecxoft tsa http://tsa.tecxoft.com
Reply
[-] leom1987 - 27 Jun 2014 2:38 PM
People normally use electronic signature and digital signature interchangeably. However, they are quite different. Electronic signatures, which are provided by lots of vendors these days, cannot ensure document integrity and non-repudiation. Signority has a patent-pending SaaS PKI technology that ensures the highest level of security but eliminates the complexity of traditional PKI technology. Several law firms use their solution to deal with highly sensitive contracts.
Reply
[-] Margaret Rouse - 19 Nov 2014 11:09 AM
How can digital signatures be more widely used to improve the security of email, which is still one of the dominant forms of communication in the world today?
Reply
[-] Michael Larsen - 19 Nov 2014 3:38 PM
In my mind, the question isn't so much "how can they be used to protect email communications". The bigger question is "how can we streamline the process of creating them and encouraging they be used in a way that will signal wide adoption". For people who program or who set up environments to share keys on a regular basis, this is not a big deal, but for the average computer user, setting up keys is seen as a monumental pain, and then having tools that readily recognize them and use them without a lot of hand holding are essential. In short, we need to make it easy to implement and then easy to use, with as little monitoring as possible. Perhaps a model like LastPass but for cryptography?
Reply
[-] Jeff Cutler - 21 Nov 2014 2:05 PM
As Michael says - and I agree - the process of getting people to understand and use signature security is the real issue. We're still living in a business environment that leverages at least three major email services. And these don't really play nice together. So until we get Gmail and Exchange and Apple Mail to coordinate some of their code, will we really have the groundwork in place to start using digital signatures that are platform agnostic? Until that happens, we'll be like the spy groups in time of war. The guys we're sending code to will have to have the unlock code right in front of them...and all that does is makes things more convoluted and difficult.
Reply
[-] Ken Harthun - 29 Nov 2014 10:29 PM
I think the question should be more along the lines of "What types of email communications require the security of digital signatures?" I don't see any use whatsoever in using digital signatures in my personal email correspondence unless I am discussing legal matters with my lawyer or financial matters with my accountant. Most of my day-to-day business emails do not contain anything that requires digital signatures.
Michael and Jeff also raise good points: Digital signatures must be easy to use and they must work seamlessly on all platforms. It's the same issue I see every day trying to convince people of ways to come up with good passwords: "Too much work." And I think that is the fundamental difficulty in getting people to adopt good security measures.
Reply
[-] iljor88 - 8 Dec 2014 12:38 PM
I use Popfax online faxing as I need to add my digital signature quite often to the sent documents, it is easy, quick and very convenient.
Reply
[-] Veretax - 13 Dec 2015 9:26 PM
I find myself asking the question. Why. Too many already use email without digital signatures. Only in very strict settings are they utilized at all. Michael is right, could they help? Maybe, but I'm worried about spoofing and I'm worried about them getting stolen and what that could imply.
Reply
[-] Maikai - 14 Nov 2015 10:07 AM
This is an inaccurate description of a cryptographic digital signature. Digital signatures are not an encryption of the hash. It is a mathematical function which takes the private key, the hash, and a unique random number to create a result which can be verified by using the signer's public key. The result of the verify is essentially a Yes/No result. There is no way to recover the hash and match it as described above.
Also, no other information typically accompanies the digital signature. The author says the kind of hash algorithm used is also sent with the signature. If the receiver doesn't already know, then a certificate is more appropriate, which contains the signature, the algorithm(s) used and more (Google X.509 certificate).
Reply
[-] thomas708 - 24 Nov 2015 3:32 PM
@Maikai - The article is simplifying things but that doesn't make it incorrect. For instance, you are right that an IV is often used in generating a signature. However, that is a detail that increases security but does not invalidate the basic method of generating a signature from a hashed digest.
Reply
[-] MDFISS4 - 7 Aug 2016 3:47 AM
Good basic explanation but I got some more questions. What property of a hash function is needed for the digital signature scheme to work correctly; what could go wrong if this property does not hold? According to the above text I think the property is that the encrypted and decrypted hash have to be the same. Is this right?
And also; do you need to use block modes for signing larger messages?
Reply
[-] ToddN2000 - 8 Aug 2016 8:13 AM
Lot of information here, I'm curious as to what methods are being used when you sign for a UPS/FedEx package or to pick up some Rx at the pharmacy. The thing they have you sign with your finger never looks like your written signature. You have no idea if it was me or someone else.
Reply
[-] vietnamnethp - 23 May 2017 11:09 AM
I've never heard that private key can be used to encrypt and public key can be used to decrypt. I think there is something wrong in this article.
Reply