The purpose of a digital signature is to provide a means for an entity to bind its identity
to a piece of information. Digital signatures use PKC (Public Key Cryptography), which
employs an algorithm using two different but mathematically related keys: one to create a
digital signature and another to verify a digital signature.
Unlike conventional symmetric-key cryptography, which uses the same secret key for encryption
and decryption, PKC uses a key pair, a private and a public key, for encryption and decryption
operations (see Figure 1). The public key is freely available to anyone, but the private key
is protected and never shared. Each key pair shares a mathematical relationship that ties the
two keys exclusively to one another, and they are related to no other keys.
A cryptographic transformation encoded with one key can be reversed only with the other key. It
is computationally not feasible to deduce the private key from the public key nor to deduce the
public key from the private key. This defining nature of PKC enables the following:
- Confidentiality. A message encrypted with a public key can only be decrypted with the corresponding private key.
- Endpoint authentication. The recipient can determine the sender’s identity.
- Nonrepudiation. The sender cannot deny sending the message or committed actions.
- Message integrity. The recipient can easily identify whether anything has tampered with the message content during