Digital signatures in SSL/TLS
A digital signature is computed over a representation of a message using the private key of the signatory; for efficiency, the signing operation is usually applied to a message digest of the message rather than to the message itself. With RSA this operation is commonly described as "encrypting" the digest with the private key, but that description is specific to RSA: other signature algorithms, such as DSA and ECDSA, are not encryption operations. In every case the resulting signature can be verified by anyone who holds the corresponding public key.
Digital signatures vary with the data being signed, unlike handwritten signatures, which do not depend on the content of the document being signed. If two different messages are signed digitally by the same entity, the two signatures differ, but both signatures can be verified with the same public key, that is, the public key of the entity that signed the messages.
The steps of the digital signature process are as follows:
- The sender computes a message digest and then signs the digest using the sender's private key (for RSA, the private-key encryption operation), forming the digital signature.
- The sender transmits the digital signature with the message.
- The receiver processes the digital signature using the sender's public key (for RSA, decrypting it), which yields the message digest that the sender signed.
- The receiver computes a message digest from the message data received and verifies that it matches the digest carried by the signature.
If the two digests match, the receiver has established two facts:
- The message has not been modified during transmission.
- The message was sent by the entity that claims to have sent it, that is, by a holder of the private key that corresponds to the public key used for verification.
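The sender and receiver steps above, carried through as an added worked example in Go (standard library only; this is example code, not code from the original page or from any product it describes). The choice of RSA with PKCS#1 v1.5 padding and SHA-256 digests, the freshly generated keys, and the sample messages are assumptions made for illustration; in SSL/TLS the public key would come from the signer's certificate. The example goes slightly beyond the text by also showing the two failure cases a practitioner should expect: a message altered after signing, and verification under another entity's public key.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignMessage is the sender's side of the process: compute a SHA-256 digest
// of the message, then sign that digest with the sender's private key.
// rsa.SignPKCS1v15 applies PKCS#1 v1.5 padding and the RSA private-key
// operation (the step the page describes as "encrypting the digest").
func SignMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyMessage is the receiver's side: recompute the digest from the
// received bytes and check it against the signature using the sender's
// public key. A nil error from the library means the digests match.
func VerifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// DemoResult records the outcome of each check performed by RunDemo.
type DemoResult struct {
	GenuineVerifies  bool // untouched message, correct public key
	SecondVerifies   bool // a different message signed by the same key
	SignaturesDiffer bool // the two messages produce different signatures
	TamperedVerifies bool // message altered in transit (must be false)
	WrongKeyVerifies bool // checked with another entity's public key (must be false)
}

// RunDemo signs two constructed sample messages with one key, then exercises
// the genuine, tampered and wrong-key cases.
func RunDemo() (DemoResult, error) {
	var r DemoResult

	// Keys are generated here for the example (assumption); 2048 bits is a
	// reasonable minimum for RSA today.
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return r, err
	}
	impostor, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return r, err
	}

	// Constructed sample messages, not taken from the original page.
	msgA := []byte("transfer 100 to account A")
	msgB := []byte("transfer 100 to account B")
	tampered := []byte("transfer 900 to account A") // modified after signing

	sigA, err := SignMessage(sender, msgA)
	if err != nil {
		return r, err
	}
	sigB, err := SignMessage(sender, msgB)
	if err != nil {
		return r, err
	}

	pub := &sender.PublicKey
	r.GenuineVerifies = VerifyMessage(pub, msgA, sigA)
	r.SecondVerifies = VerifyMessage(pub, msgB, sigB)
	r.SignaturesDiffer = !bytes.Equal(sigA, sigB)
	r.TamperedVerifies = VerifyMessage(pub, tampered, sigA)
	r.WrongKeyVerifies = VerifyMessage(&impostor.PublicKey, msgA, sigA)
	return r, nil
}

func main() {
	r, err := RunDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Note that the receiver never needs the signer's private key: both the digest comparison and the rejection of the tampered and wrong-key cases are carried out with the public key alone, which is what lets a TLS peer verify a signature from a certificate it has just received.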