Digital signatures are already very secure; the use of the public and private key during the creation of the signature makes this security all too real. But digital signatures need to be verified, not only to ensure their authenticity but also to ensure that the information contained in the digital signature is correct and authentic. The whole process of verifying a digital signature is not very difficult, as we shall see shortly. But before we look at how to verify a digital signature, let's begin with the rules of digital signature verification.
To begin with, a digital signature algorithm consists of a signature verification and signature creation process. A user will generate the digital signature and another user will verify the signature using the verification process. Both the signer and the verifier have a public and private key that they use to complete each process.
The private key is used in the signature generation process and must remain secret to prevent other non-identifiable entities from using it to generate fraudulent signatures. There are also algorithms in place to prevent the private key from falling into another's hands, and to prevent another person who is aware of the private key from using it to sign a different message. As such, these digital signatures cannot be forged.
On the other hand, the public key is used in the verification process. While it need not remain a secret, the integrity of the public key must be maintained. In this sense, anyone with the public key can verify the signed message using the public key. An approved hash function is used to convert the signed message to a fixed-length representation of the message. The verifier requires assurances that the public key to be used belongs to the signer and that the originator of the document also owns the private key.
Armed with the private key and the public key, the following is a simple step-by-step guide to help you verify a digital signature.
Step 1:
You send a document to Person B with both the public and private key. Remember that the verifier needs the public key to verify the signature, and also needs assurances that the private key is actually owned by the originator of the document.
Step 2:
The next step is to verify the public key. The verifier can use the Certifying Authority to ensure the validity of the public key. The CA will also help the verifier authenticate the identity of the sender, ensuring that they are who they say they are.
Step 3:
If the authenticity of the public key is confirmed, you can then enter the secret private key to decrypt the document and the document is signed. If the private key is incorrect, the signature of the document cannot be verified. This is why it is essential to verify the identity of the sender with the Certificate Authority.
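The certificate check and the signature check, as an added Go example (not code from the original page): a CA certifies the signer's public key, the signer signs the SHA-256 hash of the document with a private key that stays on the signer's side, and the verifier accepts only when both the certificate and the signature check out using public material alone. The CA and signer names, the sample document, the helper names (`issue`, `Verify`, `Demo`) and the choice of ECDSA P-256 are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// issue makes a fresh P-256 key and a certificate for it signed by caKey (a self-signed CA if parent is nil).
func issue(name string, parent *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent, caKey = t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, caKey))
	return must(x509.ParseCertificate(der)), key
}
// Verify: the certificate must chain to the trusted CA, and sig must match SHA-256(doc) under its public key.
func Verify(doc, sig []byte, signer, ca *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := signer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	pub, ok := signer.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(doc)
	return err == nil && ok && ecdsa.VerifyASN1(pub, digest[:], sig)
}
// Demo uses constructed keys and certificates: genuine document, altered document, verifier trusting a different CA.
func Demo(doc []byte) (genuine, altered, untrustedCA bool) {
	ca, caKey := issue("Example CA", nil, nil)
	otherCA, _ := issue("Other CA", nil, nil)
	cert, signerKey := issue("Signer", ca, caKey)
	digest := sha256.Sum256(doc)
	sig := must(ecdsa.SignASN1(rand.Reader, signerKey, digest[:])) // only the signer holds signerKey
	return Verify(doc, sig, cert, ca), Verify(append([]byte("altered: "), doc...), sig, cert, ca), Verify(doc, sig, cert, otherCA)
}
func main() { fmt.Println(Demo([]byte("constructed sample document"))) }
```

Only the certificate, the document and the signature cross from signer to verifier; `Verify` never receives a private key.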