Digital signatures provide message authentication, non-repudiation, and data integrity by using a combination of public-key cryptography and hash functions. The sender calculates a hash of the message and encrypts it with their private key to generate a digital signature. This signature is appended to the message before sending. The receiver decrypts the signature using the sender's public key and compares it to a hash of the received message. If they match, the signature is validated and message integrity and authentication are verified. Digital signatures do not provide privacy, but encryption of the signed message can be added for confidentiality.

1. Digital signature

2. • It is the concept of public-key encryption used for message
authentication.
• It is a technique that is used to bind the person to digital data.
• The binding is digitally verified by the receiver as well as a third party.
• To understand, let’s take a real-life example – When we go to a bank
for a deposit or withdraw money by or any action, we fill the slip and
sign the paper.

3. • After that, the bank office verifies the signature with their data.
• If the signature match, they processed with the action; otherwise, the
action will be rejected.
• The process happens with the digital signature.
• The difference is it verifies the signature digitally.
• A digital signature is a cryptographic value that is calculated based on
the data and the secret key of the signer.

4. Why do we need Digital Signature?
• 1. Message Authentication
• It ensures that the message is coming from the intended sender, not
other parties.
• It allows a receiver to verify the digital signature by using the sender’s
public key; it ensures that the signature is created only by the sender
who uses the secret private key to encrypt the message.

5. • 2. Non-Repudiation
• As the only sender knows the secret key, i.e. signature key, he is the
only one who can create a unique signature on the data.
• If any problem arises, the receiver can show the evidence of the data
and digital signature key to the third party.

6. • 3. Data Integrity
• It provides data integrity to test the modification in the message.
• If somehow, the attacker gets access to the message and modifies the
data. Verification at the receiver side will fail.
• This is because the hash value of the modified message and the
algorithm’s value will not match. In this case, the receiver can reject
the message.

7. How does it Work?
• The user who adopts has a pair of keys – a public key and a private
key. These keys are used for the Encryption and decryption process.
• The private key is used for the encryption, i.e., signing the signature,
or we can say that it is the signature key, and the public key is used for
the decryption, i.e. verification key.
• The user, i.e. the signer, apply the hash function on the data and
creates the hash of data.

8. • After that, apply a signature algorithm on both the hash value and the
signature key to create the given hash’s digital signature.
• Then the signature is appended with data, and both signature and data
are sent to the verifier over the network.
• Verifier, i.e. receiver, apply verification algorithm and verification key.
This process gives value as an output.

9. • Verifier also used the same hash function on the data, which the signer
uses to get the hash value.
• Then he verifies the hash value and the output, which is generated by
an algorithm.
• Based on the result, the verifier validates it. If both are the same, the
digital signature is valid; otherwise, it is invalid.

10. Digital signatures rely on the combination of two
concepts, public-key cryptography, and hash
functions
• Alice is sending a digitally signed but not encrypted message to Bob:
• 1: Alice generates a message digest of the original plaintext message
using a secure hash function like MD5().
• 2: Alice then encrypts the message digest using her private key. The
output is the digital signature.
• 3: Alice appends the digital signature to the plaintext message.
• 4: Alice then sends the appended message to Bob

11. Example
• <html>
• <body>
• <?php
• $str = "Hello BIS students";
• echo md5($str);
• ?>
•
• </body>
• </html>

12. • 5: Bob removes the digital signature from the appended message and
decrypts it with the public key of Alice.
• 6: Bob calculates the hash of the plaintext message with SHA3-512.
• 7: Bob then compares the decrypted message digest he received from
Alice with the message digest Bob computed. If the two digests match,
he can be assured that the message he received was sent by Alice

13. • The digital signature process does not provide any privacy by itself.
• It only ensures that the cryptographic goals of authentication,
integrity, and nonrepudiation are met.
• If Alice wants to ensure the privacy of her message to Bob, she could
encrypt the appended message generated in step 3 with the public key
of Bob.
• Bob then would need to first decrypt the encrypted message with his
private key before continuing with step 5