Chapter 3 Β· Helper 2

Concept Map

Step-by-step digital signature process and comparison tables.

Digital Signature β€” Step by Step

Sender β†’ Receiver
1

Alice writes the message (plaintext)

"You're hired, Bob. Salary: $75,000." β€” unencrypted, readable text.

2

Alice hashes the plaintext

A hash function creates a fixed-length message digest. Even one character change = completely different hash.

3

Alice encrypts the hash with her PRIVATE KEY

This encrypted hash is her digital signature. Only Alice can create this β€” no one else has her private key.

4

Alice sends: plaintext + digital signature

The message does NOT need to be encrypted. The signature is attached separately. Bob receives both.

5

Bob decrypts the signature with Alice's PUBLIC KEY

Alice's public key is available to anyone. Decrypting the signature reveals the original hash Alice created.

6

Bob hashes the received plaintext independently

Bob runs the same hash function on the message he received to create a fresh hash.

7

Bob compares the two hashes

Hash from signature = Hash from message? β†’ βœ… Integrity confirmed + Origin verified = Non-repudiation. Mismatch? β†’ ❌ Data was altered or signature is invalid.

Hashing vs. Digital Signature vs. Certificate

MechanismWhat It ProvesWho Can VerifyIdentifies Sender?
HashingData hasn't changed (integrity)Anyone❌ No
Digital SignatureIntegrity + sender identityAnyone with public keyβœ… Yes
CertificatePublic key belongs to a verified identityAnyone trusting the CAβœ… Yes (via CA)

Key Rules to Remember

Private = Sign

The PRIVATE key creates (signs) the digital signature. Never shared.

Public = Verify

The PUBLIC key verifies the signature. Anyone can have it. Cannot create a signature.

No Encryption Needed

Digital signatures work on plaintext. The message doesn't need to be encrypted for the signature to prove integrity + origin.

Hash β‰  Sender ID

A hash alone only tells you if data changed β€” NOT who sent it. You need a digital signature for origin proof.