digital signature | RSA Information Security Glossary

digital signature

A digital signature uses encryption technology to do two things. It proves that the message hasn’t been changed in transit, called message integrity, and it also links ownership to the information, called non-repudiation.

In order to prove that the message wasn’t changed the message is cryptographically transformed to a set of values, called a hash or a digest. The hash or digest is also sometimes referred to as a fingerprint because statistically, the chance of this hash or digest being the same value for any other message is almost impossible. The hash or digest is sent along with the message and the same transformation is run at the other end. Any attempts to alter the information in transit will result in a message that no longer matches its digital signature.

In order to link ownership, before the message is sent, a second operation is performed. The private key of the sender is used to encrypt the hash or digest. The receiver uses the sender’s public key to decrypt the digest. This proves that the message could only come from the person who holds the private key.

21 CFR Part 11 access control, access management AES Alerting, alerts Anti-phishing service Anti-Phishing Working Group (APWG)authentication authorization Basel II Baseline, baselining biometrics/biometric authentication California AB 1950 and SB 1386 call center call center assist Card Management Systems (CMS)CAS certificate authority, certification authority (CA)Certificate Revocation List (CRL)Chip and PIN COBIT control framework credentials, credential store CVV DAS digital certificate digital identity digital rights management (DRM)digital signature directory service E-Authentication Initiative EMV™endpoint authentication EPS EU Data Protection Directive factoring, prime numbers Federal Information Processing Standards (FIPS)federated identity FFIEC FFIEC Online Banking Authentication Guidance FIPS 140 FIPS 201 GINA Gramm-Leach-Bliley Act (GLBA)hardware authenticator hijacking HIPAA Homeland Security Presidential Directive – Number 12 (HSPD-12)Identity and Access Management (IAM)identity theft Intelligent Questioning IPSec ISO 17799 ISO27002 key logging key management Knowledge Based Authentication (KBA)layered authentication LDAP Liberty Alliance, Liberty ID-FF logical access, physical access man-in-the-middle attacks (MITM)MasterCard's Chip Authentication Protocol (CAP)Microsoft.NET, Passport MPEG-LA mutual authentication NIST OASIS Open Mobile Alliance (OMA)OTP (One-Time Password)OTPS password, passcode, pass code Payment Card Industry (PCI) Data Security Standard Personal Identity Verification card (PIV Card)pharming phishing PKCS PKI provisioning RADIUS RBAC (Role Based Access Control)RC2, RC4, RC5, etc.RFID risk-based authentication RSA algorithm S/MIME SAML Sarbanes-Oxley Act (SOX)seed record sequential questions Service Oriented Architecture (SOA)single sign-on (SSO)smart badging smart card smart chip spoofing SSL-VPN strong authentication symmetric key cryptography time synchronous authentication token Trojans two-factor authentication U.K. Identity Cards Bill USB token user life-cycle management verification Visa's Dynamic Passcode Authentication (DPA)VPN web access management web services WS-Security XML	digital signature A digital signature uses encryption technology to do two things. It proves that the message hasn’t been changed in transit, called message integrity, and it also links ownership to the information, called non-repudiation. In order to prove that the message wasn’t changed the message is cryptographically transformed to a set of values, called a hash or a digest. The hash or digest is also sometimes referred to as a fingerprint because statistically, the chance of this hash or digest being the same value for any other message is almost impossible. The hash or digest is sent along with the message and the same transformation is run at the other end. Any attempts to alter the information in transit will result in a message that no longer matches its digital signature. In order to link ownership, before the message is sent, a second operation is performed. The private key of the sender is used to encrypt the hash or digest. The receiver uses the sender’s public key to decrypt the digest. This proves that the message could only come from the person who holds the private key. Top of Page	Related Terms digital certificate Related Links Secure Enterprise Data Regulatory Compliance RSA Digital Certificate Solutions
		Email to a friend Print