Good resource is What is Digital Signature?
Public - Private basic magicAll the tricks are based on two keys: public key (long number) and private key (another long number).
A person that want to play must have two keys. He can give one of them (the public one) to other people and keep the other (the private one) to himself.
Using the keys he can encrypt information. This means that using some mathematical magic, he can take a piece of information, scramble it with one key and only a person with the second key can do the opposite way (using other mathematical magic) and convert the scrambled data to original information.
So what? How this magic can be used?
One usage - encryption (hide message content)To describe a game, lets have two players - Bob and Susan.
Susan can send encrypted information to Bob using Bob's public key. Only Bob can decrypt the information using his private key:
There is also symmetric key encryption concept (see this link):
Another usage - sign message (prove that Bob create the message and avoid changing it)Bob add "stamp" that he creates for the specific message. Using this "stamp", the reader can assure that the message was signed by Bob and it was not changed.
What Bob does:
The message digest can not be converted back to original message.
What the reader does:
If both digests are equal, the document was signed by Bob and was not changed.
Another usage - create trusted signitures
How a reader can know if the signature that is really of Bob? Maybe hacker sent him somehow public key that seems to belong to Bob but actually belong to the hacker?
For this reason there is a new inventionn - certificate authority (CA) agency. This agency or center or team is responsible to give certificates (file) to people that want to sign messages. They validate that the person that ask for certificate is really the person that he claims to be.
Another example of certificate (from here):
CA can be chain:
Another image (from here)
How reader use it?
The reader can check that the public key that he have is really of Bob using the certificate of Bob that he got.
First, reader use public key of CA to read the certificate of Bob. This way he can assure that the certificate is true and not forged.
Than, the public key of Bob is within this certificate. This key is used to check the signature on the message.