How are digital signatures created and verified?
To create a digital signature, the signer first computes a ‘hash’ of the message (a hash algorithm produces a short, fixed-size value that is unique to that message) and then uses his/her private key to encrypt the hash. The encrypted hash is the digital signature. If the message were changed in any way, the hash of the changed message would be different. Because the digital signature depends on both the message and the private key used to create it, it cannot be forged. The digital signature is then appended to the message and both are sent to the message recipient. The recipient recomputes the hash from the received message, and then uses the public key of the original sender to decrypt the hash included with the received message. If the two hash values are identical, two things have been verified: 1. The digital signature was created using the signer’s private key (assurance that the public key corresponds to the signer’s private key) – no one is pretending to be or masquerading as the signer. This verifies the aut
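The hash-then-private-key procedure described above, as an added Python example that is not part of the original page: it uses textbook RSA with a constructed toy key pair (tiny primes, no padding) so the signing, verification and tamper-detection steps are visible; real signatures use full-size keys and a padding scheme such as PSS.

```python
import hashlib

# Constructed toy RSA key pair for illustration only (real keys are 2048+ bits).
P, Q = 1000003, 1000033          # two small primes
N = P * Q                        # public modulus
E = 65537                        # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (modular inverse, Python 3.8+)


def message_hash(msg: bytes, n: int) -> int:
    """The 'hash' step: a fixed-size digest of the message, as an integer.

    Reduced mod n only because this toy modulus is far smaller than a
    SHA-256 output; a real scheme pads the digest up to the modulus size.
    """
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes, d: int, n: int) -> int:
    """Signer: hash the message, then apply the private key to the hash."""
    return pow(message_hash(msg, n), d, n)


def verify(msg: bytes, sig: int, e: int, n: int) -> bool:
    """Recipient: recompute the hash from the received message and recover
    the signed hash with the sender's public key; the two must be identical."""
    recovered_hash = pow(sig, e, n)
    return recovered_hash == message_hash(msg, n)


def demo() -> dict:
    """Sign one message, then check the genuine, altered and tampered cases."""
    original = b"Transfer 100 to account 42"     # constructed sample message
    altered = b"Transfer 1000 to account 42"     # one character changed in transit
    sig = sign(original, D, N)
    return {
        "genuine": verify(original, sig, E, N),          # hashes match -> True
        "altered_message": verify(altered, sig, E, N),   # hash differs -> False
        "altered_signature": verify(original, sig + 1, E, N),  # -> False
    }


if __name__ == "__main__":
    print(demo())
```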