A digital signature is a special block of data affixed to a message that assures the identity of the sender and the integrity of the message.

A digital signature secures a message in several ways. First, it contains the sender’s digital certificate. This allows a recipient to identify the sender and determine whether the sender is a trusted and authorized party. In this way, digital signatures support the identification and authorization processes.

Second, a digital signature assures a recipient that the owner of the enclosed certificate sent the message. A digital signature is produced using the sender’s private key. If a recipient can successfully “decode” the signature with the public key from the sender’s certificate, the recipient is positively assured that the message is from the person or organization identified on that certificate. This characteristic provides both authentication (the sending party is who it claims to be) and nonrepudiation (the sending party cannot deny issuing the message).

Finally, a digital signature assures the integrity of the message with a message digest—a hash code that is mathematically derived from the message itself. When a recipient opens a signed message, it recalculates the hash code and compares its result to the original hash code in the signature. If the values don’t match, the recipient knows that the message was deliberately or inadvertently altered after it was signed.