Skip to main content

Digital signature in pictures

I never remember what happens when digital signature is used. So here is my summary 'Digital signature for dummies'.

Good resource is What is Digital Signature?

Public - Private basic magic 

All the tricks are based on two keys: public key (long number) and private key (another long number).

A person that want to play must have two keys. He can give one of them (the public one) to other people and keep the other (the private one) to himself.

Using the keys he can encrypt information. This means that using some mathematical magic, he can take a piece of information, scramble it with one key and only a person with the second key can do the opposite way (using other mathematical magic) and convert the scrambled data to original information.

So what? How this magic can be used?

One usage - encryption (hide message content)

To describe a game, lets have two players - Bob and Susan.

Susan can send encrypted information to Bob using Bob's public key. Only Bob can decrypt the information using his private key:
The basic idea here is that is very hard to decrypt the information without the private key. As time go by and computers become stronger and stronger, the key must be longer and longer (the link):

There is also symmetric key encryption concept (see this link):

Another usage - sign message (prove that Bob create the message and avoid changing it) 

Bob add "stamp" that he creates for the specific message. Using this "stamp", the reader can assure that the message was signed by Bob and it was not changed.

What Bob does:

 The message digest can not be converted back to original message.

What the reader does:

If both digests are equal, the document was signed by Bob and was not changed.

Another diagram:

Another usage - create trusted signitures

How a reader can know if the signature that is really of Bob? Maybe hacker sent him somehow public key that seems to belong to Bob but actually belong to the hacker?

For this reason there is a new inventionn - certificate authority (CA) agency. This agency or center or team is responsible to give certificates (file) to people that want to sign messages. They validate that the person that ask for certificate is really the person that he claims to be.

Creating certificate:
Another example of certificate (from here):
CA can be chain:

Another image (from here)

How reader use it?
The reader can check that the public key that he have is really of Bob using the certificate of Bob that he got.

First, reader use public key of CA to read the certificate of Bob. This way he can assure that the certificate is true and not forged.

Than, the public key of Bob is within this certificate. This key is used to check the signature on the message. 


Thanks for all these explanations. It resolves every doubt about digital signature and give message it's time to upgrade to digital signature capturing. Who wants to keep track of a bunch of paper anyway?
Ziv said…
Anonymous said…
Thank you :-). This is very useful...
Ziv said…
Aeldra Robinson said…
It is very useful to me. Everything is very open and represents very clear explanation of issues. Really blogging is spreading its wings quickly. Your write up is a good example of it.

How CA provides public key to receiver?
How CA provides public key to receiver?
Ziv said…
You need to contact CA and ask for certificate if you need one. If you just communicate with another side, you can get the public certificate from him/her

tq i got it!!!

Popular posts from this blog

Jenkins error: groovy.lang.MissingPropertyException

I tried to run groovy build step and got below error. This post will describe how I solved the problem.

Caught: groovy.lang.MissingPropertyException: No such property: hudson for class: script

What is PKI

PKI = Public Key Infrastructure
(Resource) Method of asserting the identity and validity of a person (or entity) that you have not previously met or interacted.

It use of certificates containing identifying information and public keys (these certificates are more properly called X.509 certificates).

PKI accomplishes this by defining a central authority who is mutually trusted by all users of the system.