Definition

digital signature (electronic signature)

A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.

A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.

How It Works

Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you.

  1. You copy-and-paste the contract (it's a short one!) into an e-mail note.
  2. Using special software, you obtain a message hash (mathematical summary) of the contract.
  3. You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash.
  4. The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.)

At the other end, your lawyer receives the message.

  1. To make sure it's intact and from you, your lawyer makes a hash of the received message.
  2. Your lawyer then uses your public key to decrypt the message hash or summary.
  3. If the hashes match, the received message is valid.

Also see hashing and Digital Signature Standard.

 

Getting started with digital signatures
To explore how digital signatures are used in the enterprise, here are some additional resources:
Personal digital certificate pros and cons: Are you considering creating a personal digital certificate for your company? Learn about the pros and cons of the technology and the proper steps to follow for issuing these certificates.
Understanding multifactor authentication features in IAM suites: Do you think your organization's multifactor authentication strategy works effectively with your IAM suite? Get a better understanding of multifactor authentication, your IAM suite options and best practices for deployment.

This was last updated in May 2007
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: