1

I'm new to cryptography, and I'm confused about digital signatures.

How do they work? Please illustrate with an example in a way that a beginner can understand.

schroeder
  • 123,438
  • 55
  • 284
  • 319
Biny Thakur
  • 11
  • 1
  • There are lots and lots of beginner explanations out there. Have you found one you like? – schroeder May 28 '19 at 14:00
  • Read this answer about digital signatures: https://security.stackexchange.com/a/87373/70830 I believe that is the best answer, and maybe this is not the answer you would have found by searching, but certainly you would have found a number of good answers by searching. – Z.T. May 28 '19 at 14:09
  • If you want to get a basic handle on the high-level concepts of cryptography without any serious math, I recommend the following book: [Cryptography Decrypted](https://www.amazon.com/Cryptography-Decrypted-H-X-Mel/dp/0201616475). – JimmyJames May 28 '19 at 14:34

1 Answers1

0

While there are other answers on this site that walk through the maths of digital signatures, it can be difficult for people new to the field and to the maths to follow those answers. This is an attempt to bridge the gap in understanding.

There is only so far that a "beginner-level" answer can be provided because we are dealing with complex maths. So, permit a high-level explanation.

  1. Alice writes a message

  2. Alice creates a private and public key pair (this answer cannot go into the explanation of what these are - if you are stuck at this part, then you need to stop and read about these)

  3. Alice creates a hash of the message (this answer also assumes that you know what a hash is)

  4. Alice uses the hash and her private key to create a mathematical value called a signature (and that's as far that a beginner-level answer will go on this step)

  5. Alice sends the message and the signature to Bob

  6. Bob uses a "signature verification" process that includes creating a new hash of the message and Alice's public key as inputs.

  7. "Signature verification" passes if Bob's hash of the message is the same as the hash Alice used when she signed the message, and if the public key matches Alice's private key.

Bob knows that the message was not changed since it was signed and that it was signed using Alice's private key.

This is a very high-level explanation of complex maths and there are a lot of subtleties in the processes that can change depending on the algorithms used.

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • I await the flaying by the crypto experts... – schroeder May 28 '19 at 14:40
  • It's missing the very important part where the public key needs to be trusted. I'd say that normally the key pair is generated - and the public key trusted - in advance. As for 4, you don't need the public key to create a signature, you only need the private key. "Hash *over* the message". As for 7, the hash is taken as the input for verification, but verification may not involve direct comparison of the hash value. You've been flayed :P – Maarten Bodewes May 29 '19 at 02:21
  • @MaartenBodewes I appreciate it. Yes, the trust mechanism is a crucial factor, but I chose to set that aside to walk through the confusing function itself. Correct my understanding on #4, but is the *key* the necessary input, or are the primes? I'll ammend the hash verification. – schroeder May 29 '19 at 07:25