Term of the Moment
cyberthreat
Definition: digital signature
A digital signature authenticates the sender of a message and provides the electronic equivalent of a tamper-proof seal that is broken if any data in the message were altered. Digital signatures use the public key encryption system for the following purposes. See public key cryptography.
Signed Certificates
Signed certificates authenticate a website and establish an encrypted connection for credit cards and confidential data (see digital certificate and TLS).
Signed Executables
Code signing verifies the integrity of executables downloaded from the Internet (see code signing).
Signed Cryptocurrency Transactions
Bitcoin and other blockchain networks use digital signatures to verify the integrity of their transactions (see Bitcoin transaction).
Signatures Are Encrypted Digests
Transmitted in the Clear
Transmitted in Secret
Signed Certificates
Signed certificates authenticate a website and establish an encrypted connection for credit cards and confidential data (see digital certificate and TLS).
Signed Executables
Code signing verifies the integrity of executables downloaded from the Internet (see code signing).
Signed Cryptocurrency Transactions
Bitcoin and other blockchain networks use digital signatures to verify the integrity of their transactions (see Bitcoin transaction).
The digest is a digital fingerprint of the data that is encrypted ("signed") with the private key of the sender's public/private key pair. To prove the file was not altered, the recipient decrypts the signature with the sender's public key, recomputes a new digest from the data and compares them. If they match, nothing was altered (see below). See hash function, RSA, MD5, SHA, public key cryptography and electronic signature.
In this example, the message is tamperproof but can be read by an eavesdropper.
In this example, the message is both tamperproof and transmitted in secret.