What is a Digital Signature? (Signing in Cryptography)

Public Key Crypto Pair Key Creation


A digital signature is:


Digital signature schemes are used for:

  • sender authentication (no one can impersonate the sender, it proves that the message came from a particular sender)
  • and non-repudiation (The sender cannot deny having sent the message)

Postal Analogy

An analogy for digital signatures is the sealing of an envelope with a personal wax seal. The message can be opened by anyone, but the presence of the unique seal authenticates the sender.

Key Usage


In a asymmetric scheme (public key cryptography scheme), there is two keys:

  • the sender's private key signed the message (hash signatures are computed with the private key)
  • the sender's public key verifies the message (the receiver do it and it needs to know only the corresponding public key to verify the message)

An advantage of signing messages is that the public key and certificate are automatically send.

See also Public Key - Digital Signature


In a symmetric scheme, the same key is used to:

  • sign (create the hash)
  • verify (create the hash and verify that it's the same)

Example: JsonWebToken



A signing algorithm given a message and a secret (private or shared key), produces a signature.

To sign a message, the sender

  • will compute the hash of the message with the secret
  • will add the encrypted hash (the signature) with the message.
  • will add its signed certificate to the message (in case of asymmetric scheme)

You can see an example of signature procedure with the issuing of certificate

Two ways

There are usually 2 ways to sign:

Signing method Message Human Readable Encryption difficulty
encapsulating the text message inside the signature (with delimiters) Yes Difficult
encoding the message altogether with the signature no (message has been tampered with) Simple (decryption with the embedded public key)


A signature verifying algorithm given a message, will either:

  • accepts: the signature hash is valid
  • or rejects: the signature hash is not valid)

the message's claim to authenticity:

The verification:

  • authenticate the sender. It proves that the sender had access to the shared or private key and is then a known sender
  • ensures that the message has not been altered. The signature is mathematically bound to the original message, the verification will fail for any other message (no matter how similar it is from the original one).

The recipient will:

  • recalculate the message hash,
  • decrypts the encrypted hash using:
    • the public key stored in the signed certificate (asymmetric scheme)
    • or the shared key (symmetric scheme)
  • check that both hash are equals
  • check the certificate (in case of asymmetric scheme)

1) 2)

Discover More
Jwt Auth Flow
Authentication - Jwt (Json web token)

json web token is a token. It's also known as jot. When a JWT is signed, it becomes a JWS and can be used for sender authentication and authorization. The main purpose of JWTs is to transfer (ie identity...
Authentication - Token

A token is a authentication material Token-based authentication is implemented by: generating a token when the user authenticates and then setting that token in the Authorization header of each...
Card Puncher Data Processing

is a functionality of cryptography that verifies that the sender of the message is who he claimed to be. This functionality is implemented with the digital signature functionality. And as a side effect,...
Certificate Validity Period Not Before Not After Portecle
Certificat and chain verification

A certificate check is equivalent to an authentication. The signature of the certificate is verified with the public key to check if it was signed (issued) by a trusted party (usually a trusted...
Client-side sessions (stateless sessions) - Client Side Data

Client-side sessions (stateless sessions) are session data stored client-side (Generally browser data) Client-side data is subject to tampering. As such it must be handled with great care by the backend...
Card Puncher Data Processing

graphy is the science of cryptographic algorithms (known as Cipher) that implements the following functionalities: Data Integrity - the message (data) was not altered during transit Authenticity -...
Consistent Hashing
Cryptography - Hash

A hash function is an encryption crypto algorithm that takes as data as input (possibly large and of variable-sized) and produces a short fixed-length integer value (generally printed as an hexadecimal...
Card Puncher Data Processing
Cryptography - Key

A key is a parameter used in a cipher algorithm that determines the encryption operation (forward) and the decryption operation (backward). It's the only secret parameter that protect the anonymity...
Public Key Crypto Pair Key Creation
Cryptography - Non-Repudiation

Non-Repudiation is a functionality of asymmetric cryptography where the message cannot be denied from having been sent. Technically, when we are in presence of a message that has been signed by the sender,...
Public Key Crypto Pair Key Creation
Cryptography - RSA (Rivest–Shamir–Adleman)

RSA (Rivest–Shamir–Adleman) is a public-key cryptosystems implementation (one of the first). RSA is then a asymmetric cipher (ie public key scheme). RSA uses exponentiation modulo a product of two...

Share this page:
Follow us:
Task Runner