I am confused about the concept of a digital signature. What is it actually about? Does it mean after I write an
e-mail and add in my digital signature, then my e-mail is digitally signed?
First I refer you to my column, It's a matter of trust: Digital certificates and e-signatures.
You do not "add" your digital signature. You do not have a digital signature, though you do have a "wet" (ink) signature. You can, however, "digitally sign" electronic data, including an e-mail message.
In the act of digitally signing an e-mail message, to use your example, a representation of your message (it may be the message text itself or, more probably, a cryptographic "summary" of the message also called a "message hash") is encrypted with YOUR private key. Your private key is accessible only to you (usually with a passphrase or password).
Anything encrypted or locked with your *private* key can ONLY be decrypted or unlocked with your *public* key. Your public key is associated with your name on a digital certificate. Someone receiving the message can confirm that you sent it and that it hasn't been changed because they verify the message (their software does) by first trying to decrypt the digital signature using your public key, which they get from your digital certificate.
They then make a summary/hash of the message they received and compare it to what they pulled out of the digital signature. If they match, the recipient knows that YOU sent the message (because only you have access to your private key and your public key decrypts what is encrypted with your private key) and that it hasn't been changed by anyone.
For more information on this topic, visit these other searchSecurity resources:
Best Web Links: Digital Signatures
Chat Transcript: Digital Certificates and Signatures
Executive Security Briefing: Digital signatures exposed
Dig deeper on PKI and Digital Certificates
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.