Identity Protection

Tips to protect your identity from theft and misuse.
 
 

Introduction to Digital Signatures

Digital signatures are a way of certifying the sender of an electronic message, and possibly encrypting the entire message, through the use of electronic cryptography and a verifying authority. They can be used to enable confidential communications by encrypting entire messages, or simply as a verification device for communications.

Each participant in a digital signature system is issued two ‘keys’, data files used in the encryption system, generated by whoever is administering the system (an officer at your ISP, someone in your IT department, a third-party company you contract with, and so on). The administrator keeps a record of each key pair issued, so as to tie the key to a specific person. Why this is important will be discussed later.

One key is your public key, which can (and indeed must) be shared with others to whom you wish to send digitally signed and/or encrypted messages. The other key is your private key, which must be kept secret (though as noted above, the administrator of the digital signature system keeps a record of the keys and who they belong to).

Whenever you send a message, you can use your private key and appropriate software to encrypt the message, so that only those who have the appropriate public key linked to it can decipher and read it. Any tampering with your message in encrypted form can be detected by any recipient who possesses the public key, as it will prevent proper decryption of the message.

They can then use your public key to send you back an encrypted message, which only you with the private key can read. (They can’t use the public key to impersonate you electronically because only the private key can decipher messages sent using the public key.)

Similarly, if you just want to establish that you sent a non-encrypted message, you can attach an encrypted signature (a ‘digital signature’) to the message, which can be verified by any public key holder by contacting the officer who administers your system (the registrar mentioned earlier, who might work at your ISP, your company or a third-party company, depending on how your service is being provided).

The registrar also serves to prevent fraud through the issue of fraudulent public keys to people. If you have a public key, you can check with the registrar to make sure it belongs to the person the sender asserts it does.
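As an added illustration (not code from the original article), the sketch below signs a plain-text message, verifies it with the public key, and checks the key against a registrar record, as the two paragraphs above describe. It uses unpadded textbook RSA over a SHA-256 digest with a constructed toy key so that it runs on the Python standard library alone. The registrar dictionary, the sender address and all function names are assumptions; real deployments use a vetted library with a padded scheme such as RSA-PSS or Ed25519.

```python
import hashlib

# Constructed toy key pair: two Mersenne primes chosen only so the example runs
# offline with the standard library. Never use such a key in practice.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                       # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent, kept secret


def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signer: transform the message digest with the private key."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    """Recipient: undo the transform with the public key and compare digests."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)


def fingerprint(public_key: tuple) -> str:
    """Short identifier of a public key, as a registrar could record it."""
    n, e = public_key
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()


# Hypothetical registrar record tying a key to a person (constructed sample data).
REGISTRAR = {"alice@example.com": fingerprint((N, E))}


def check_message(sender: str, message: bytes, signature: int, public_key: tuple) -> str:
    """Check the key with the registrar first, then the signature itself."""
    if REGISTRAR.get(sender) != fingerprint(public_key):
        return "key not registered to sender"
    if not verify(message, signature, public_key):
        return "signature invalid (message altered or wrong key)"
    return "ok"
```

A signature produced by `sign` passes `check_message` only for the exact message that was signed and only when the supplied public key matches the registrar's record for that sender.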

Digital signatures are not an absolutely secure system. No encryption scheme is ever perfect, and many people are not as good at keeping sensitive data secret as they should be. Private keys must be kept secret (which people are not always good about, any more than they are with passwords), you need a reliable source of verification (which can be hard to be sure of until you get burned), and people must remember to follow the proper procedures to verify everything without getting lazy about it.

Nonetheless, digital signatures are a useful form of verification and encryption of messages for private individuals and companies alike, and are coming into increasing use.