Digital Signatures
Another good use of public key encryption is for message authentication, also known as a digital signature.
Encrypting a message with a private key creates a digital signature, which is an electronic means of authentication and provides non-repudiation. Non-repudiation means that senders will not be able to deny that they sent messages. That is, a digital signature attests not only to the contents of a message, but also to the identity of the sender. Because it is usually inefficient to encrypt an actual message for authentication, a document hash known as a message digest is used. The basic idea behind a message digest is to take a variable-length message and convert it into a fixed-length compressed output called the message digest. Because the original message cannot be reconstructed from the message digest, the hash is labeled "one-way."
Communication between an initiator and a responder using a digital signature proceeds as follows:
1. Initiator computes a one-way hash of a document that she wishes to send responder.
2. Initiator encrypts the hash with her private key. The encrypted message digest becomes the digital signature.
3. Initiator sends the document along with the digital signature to responder.
4. Responder decrypts the digital signature using initiator's public key and also computes a one-way hash of the document received from initiator. If the two values match, responder can be sure that the document came from initiator and the document was not tampered with in transit. The slightest change in the document will cause the values to not match and will cause the authentication to fail.
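The four steps above, worked through as an added Python example (not part of the original text): textbook RSA applied to a SHA-256 digest, showing that an intact document verifies while an altered document or altered signature does not. The key built from two Mersenne primes, the sample documents and all function names are assumptions made for illustration; deployed signatures use randomly generated keys and a padded scheme such as RSA-PSS.

```python
import hashlib

# Constructed demo key (an assumption, not from the text): two well-known
# Mersenne primes. Deployed keys use random primes and a padded scheme.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)


def digest(document: bytes) -> int:
    """Step 1: one-way hash, variable-length input to a 256-bit value."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> int:
    """Step 2: apply the private key to the digest; the result is the signature."""
    return pow(digest(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Step 4: recover the digest with the public key and compare it with a
    hash computed over the document as received."""
    if not 0 <= signature < N:       # reject values outside the modulus
        return False
    return pow(signature, E, N) == digest(document)


def demo() -> dict:
    document = b"Transfer 100 units to responder"   # constructed sample
    signature = sign(document)                      # initiator, steps 1-2
    # Step 3: document and signature travel together; responder checks both.
    return {
        "intact": verify(document, signature),
        "document_altered": verify(b"Transfer 900 units to responder", signature),
        "signature_altered": verify(document, (signature + 1) % N),
    }


if __name__ == "__main__":
    print(demo())
```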
When the generated message digest is encrypted using a key, it is called a keyed message digest. Another term for a keyed message digest is hash-based message authentication code (HMAC).