mathematical scheme for demonstrating the authenticity of a digital message or document (Wikipedia). A cryptographic toolkit is often used along with a public-private key pair to digitally sign a message and to verify a message.
Digital signatures are often used in a cryptographically secure message exchange to provide:
- Authentication - proof that a message was sent from a trusted party
- Integrity - proof that a message was not tampered with in transit
- Non-repudiation - the receiver can proof to a third party that the message originated from the original sender
Message authentication codes (MAC) also offer authentication and integrity protection, but no non-repudiation.
Digital signatures generally make use of a public-private key pair. A private key is used to sign the message and a public key is used to verify the integrity and authenticity of a message.
If a message has been tampered with or was not signed by the expected party the verification of the signature will fail.
An example of digitally signing a simple message in java then verifying the result:
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
KeyPair keyPair = kpg.generateKeyPair();
byte[] message = "My message is strong!".getBytes();
// Sign our message
Signature signer = Signature.getInstance("SHA1withRSA");
signer.initSign(keyPair.getPrivate());
signer.update(message);
byte[] signatureData = signer.sign();
// Verify our message using the public key + signatureData
Signature verifier = Signature.getInstance("SHA1withRSA");
verifier.initVerify(keyPair.getPublic());
verifier.update(message);
assertTrue(verifier.verify(signatureData));
See also:
