Digital Signature Vs. Encrypted Message

Public Key Encryption

Public key encryption relies on the generation of specialized, two-part cryptographic keys. One is your public key, which you can freely give out to anyone who wants it. The other is your private key, which must remain secret. If you encrypt a message with your public key, it will require your private key for decryption, and vice versa. Programs such as Pretty Good Privacy and other OpenPGP encryption programs use this method. You can also take advantage of digital certificate registries such as Verisign to maintain a public record of your personal or business public keys.

Encrypting Messages

To create a secure channel of communication between you and a correspondent using public key encryption, you first need to swap public keys. Then you can combine your partner's public key with your private key using your encryption program, creating a unique cryptographic channel between the two of you. You can repeat this procedure with others and keep each set of communications unique and secure. This method of key combining also lies at the heart of the Secure Sockets Layer and Transport Layer Security protocols, which both use an automatic form of this pairing to provide secure browsing and file transfer connections between servers.

Cryptographic Hashing

To create a digital signature, you also need a hashing program. Cryptographic hashing uses a known, one-way function to produce a unique fixed-length string from the input data. You cannot reverse the process, but any given input, whether a string of characters or an entire document, produces its own unique output. If two people hash the same input with the same algorithm, they get the same result every time.

Digital Signatures

To sign a document digitally, you hash it and then encrypt the resulting hash using your private key. You then append that encrypted hash to the message and send it to your recipient. Your recipient decrypts your hash using your public key, then hashes the message himself and compares the result to yours. If the two hash strings match, your recipient knows that the document is genuine, since any alteration to the message would necessarily alter the hash result.
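The sign-and-verify procedure above, and the contrast with encrypting a message to someone's public key, as an added example that is not part of the original article: it uses textbook RSA over SHA-256 with a constructed, fixed demo key built from two Mersenne primes (chosen so the example is deterministic; not a key anyone should use). Production signature schemes such as RSA-PSS add padding before the private-key operation rather than applying it directly to the bare hash, which is the one place this illustration deliberately simplifies.

```python
import hashlib

# Constructed demo key (assumption, not from the article): two known primes,
# 2**521-1 and 2**127-1, so N is large enough to hold a SHA-256 digest as an integer.
P = 2**521 - 1
Q = 2**127 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent (coprime to (P-1)(Q-1))
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+ modular inverse)


def digest(message: bytes) -> int:
    """Hashing step: SHA-256 of the message, read as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signer: hash the message, then 'encrypt' the hash with the PRIVATE key."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recipient: recover the hash with the PUBLIC key, rehash, compare."""
    if not 0 < signature < n:           # reject out-of-range values before using them
        return False
    return pow(signature, e, n) == digest(message)


def encrypt(message: bytes, e: int = E, n: int = N) -> int:
    """Confidentiality, the other direction: anyone encrypts to the public key."""
    m = int.from_bytes(message, "big")
    if m >= n:                          # textbook RSA can only carry one block < N
        raise ValueError("message too long for this demo key")
    return pow(m, e, n)


def decrypt(ciphertext: int, d: int = D, n: int = N) -> bytes:
    """Only the holder of the private key can recover the plaintext."""
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo():
    msg = b"Transfer 100 EUR to account 12345"        # constructed sample message
    sig = sign(msg)
    genuine = verify(msg, sig)                          # True: hashes match
    tampered = verify(msg.replace(b"100", b"900"), sig)  # False: altered message
    forged = verify(msg, (sig + 1) % N)                 # False: altered signature
    return genuine, tampered, forged
```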