How is a digital signature verified? | ePact

Victor Holmark
May 15, 2024

The verification of a digital signature involves several steps to ensure that the signature is valid and the document remains intact. Let's explore these steps:

  1. Cryptographic verification: When a digital signature is created, a unique hash value for the signed document is first generated using a cryptographic hash function. This hash value is then encrypted using the sender's private key to form the digital signature. During verification, the public key associated with the sender's certificate is used to decrypt the signature and recover the original hash value. If the recovered hash value matches the calculated hash value for the document, the signature's validity is confirmed.
  2. Integrity check: To ensure that the document has not been altered after signing, the recovered hash value of the document is compared with the current hash value. If these values match, it indicates that the document has not been altered, and integrity is preserved.
  3. Certificate validation: Digital signatures are typically linked to a digital certificate issued by a Certificate Authority (CA). During verification, the certificate's validity is checked, including its expiration date and the credibility of its issuer. This ensures that the signature comes from a legitimate sender and has not been forged.
  4. Timestamping: Some digital signatures also include a timestamp that indicates when the signature was created. The timestamp provides additional evidence of when the signature was added, which can be useful in disputes or legal matters.
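The four steps above as one runnable check, added here as an illustration and not code from ePact: RSA with PKCS#1 v1.5 encoding and SHA-256 stands in for "the signature scheme". The certificate is reduced to a hypothetical dict, the key, names and dates are constructed, and the signing time is assumed to come from a trusted timestamp.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed demo key from two Mersenne primes: trivially factorable, illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, used only to make the sample signature
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def encode_hash(document: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo || SHA-256(document)."""
    t = SHA256_DIGESTINFO + hashlib.sha256(document).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(document: bytes) -> bytes:
    k = (N.bit_length() + 7) // 8
    return pow(int.from_bytes(encode_hash(document, k), "big"), D, N).to_bytes(k, "big")

def verify(document, signature, cert, trusted_issuers, signed_at) -> str:
    n, e = cert["public_key"]
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return "bad signature"
    # Steps 1-2: recover the encoded hash with the public key and compare it with the
    # hash recomputed from the document as received. Comparing the whole block, rather
    # than parsing the padding, leaves no room for lenient-parser forgeries.
    recovered = pow(s, e, n).to_bytes(k, "big")
    if not hmac.compare_digest(recovered, encode_hash(document, k)):
        return "bad signature"
    # Step 3: issuer trust and validity period (real verifiers also build the chain
    # and check revocation, which this simplified dict does not model).
    if cert["issuer"] not in trusted_issuers:
        return "untrusted issuer"
    # Step 4: evaluate the validity period at the timestamped signing time.
    if not cert["not_before"] <= signed_at <= cert["not_after"]:
        return "certificate not valid at signing time"
    return "valid"

# Constructed sample data (hypothetical names and dates)
CERT = {"subject": "Alice Example", "issuer": "Example Root CA", "public_key": (N, E),
        "not_before": datetime(2024, 1, 1, tzinfo=timezone.utc),
        "not_after": datetime(2025, 1, 1, tzinfo=timezone.utc)}
TRUSTED = {"Example Root CA"}
SIGNED_AT = datetime(2024, 5, 15, tzinfo=timezone.utc)
DOCUMENT = b"Contract v1: pay 100 EUR"
SIGNATURE = sign(DOCUMENT)
```

Changing a single byte of `DOCUMENT` makes `verify` return "bad signature", while an unchanged document with a signing time outside the certificate's validity period fails at step 3 instead.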

By performing these steps, the recipient of a document with a digital signature can be confident that the document has been signed by the specified sender and that its contents have not been altered since signing.