Digital Signatures

Cryptographic Proof of Authenticity

How Signatures Work

Digital signatures prove that a message came from a specific sender and wasn't modified. The sender signs with their private key; anyone can verify with the public key.

Signing Process
Signing:   Hash(Message) + Private Key → Signature
Verifying: Hash(Message) + Signature + Public Key → Valid/Invalid

Only the private key holder can create a valid signature.
Anyone with the public key can verify it.

What Signatures Prove

  • Authentication (identity): Message came from claimed sender
  • Integrity (tamper-proof): Message wasn't modified
  • Non-repudiation (legal): Sender can't deny signing

Algorithms

  • Ed25519: Fast, secure, small signatures (recommended)
  • ECDSA: Elliptic curve, used in Bitcoin, TLS
  • RSA-PSS: RSA with probabilistic padding
  • RSA PKCS#1 v1.5: Legacy, avoid for new systems
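
The sign/verify flow and the authentication and integrity properties described above, as an added Go example (not part of the original page) using Ed25519 from Go's standard library. The names `newKey`, `Sign`, `Verify`, the two error values and the sample messages are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var (
	ErrMalformed = errors.New("malformed key or signature")
	ErrInvalid   = errors.New("signature does not match message and key")
)

// newKey generates a fresh Ed25519 key pair (hypothetical helper for this example).
func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign returns a detached signature; Ed25519 hashes the message internally.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }

// Verify checks sig over msg with pub. Lengths are checked first because
// ed25519.Verify panics when the public key has the wrong size.
func Verify(pub ed25519.PublicKey, msg, sig []byte) error {
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return ErrMalformed
	}
	if !ed25519.Verify(pub, msg, sig) {
		return ErrInvalid
	}
	return nil
}

func main() {
	// Constructed sample data: two fresh key pairs and a short message.
	pub, priv := newKey()
	otherPub, _ := newKey()
	msg := []byte("transfer 10 units to Bob")
	sig := Sign(priv, msg)
	fmt.Println("original message, signer's key:", Verify(pub, msg, sig))
	fmt.Println("modified message:", Verify(pub, []byte("transfer 99 units to Bob"), sig))
	fmt.Println("different public key:", Verify(otherPub, msg, sig))
	fmt.Println("truncated signature:", Verify(pub, msg, sig[:32]))
}
```
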

Applications

  • Code signing (software distribution)
  • TLS certificates (HTTPS)
  • Email signing (PGP, S/MIME)
  • Cryptocurrency transactions
  • Document signing (legal contracts)
  • Git commit signing

Example: GPG Signing

Terminal
$ gpg --sign message.txt
$ gpg --verify message.txt.gpg
gpg: Good signature from "Alice"