Digital Signature – cryptographic basics

With the help of the digital signature, a person can sign data and documents electronically. The handwritten signature is not available in digital form. Instead, the digital signature is a security method equivalent to the personal signature. Like a handwritten signature, the electronic signature is inseparably linked to the respective document. It can be viewed by any user but can only be changed by the signatory himself.

Encrypted hash values (checksums) are processed by means of cryptography. A possible change of the data can thus be detected immediately. This procedure guarantees the integrity of the data and makes the digital signature a secure procedure.

A hash is a strongly reduced representation of a digital information. The mapping from the digital information to the hash is unambiguous with a probability bordering on certainty. The reverse mapping (return path) from the hash to the original digital information is practically impossible.

The algorithms used to calculate a hash ensure that small changes in the digital information lead to large changes in the hash. This also means that a recalculation is not possible in practice.

The most common algorithm for hash calculations is currently SHA256, which generates a hash with a fixed length of 256 bits.

Asymmetric keys are a basic technique for modern digital signature procedures. In general, a key is used in such applications to encrypt information. The special characteristic of asymmetric keys is that decryption is only possible with the other key.

The first key of such a pair is defined and designated as « private ». The second key is calculated from the first and is called « public ». Similar to hash values, it is not possible in practice to calculate back from the public to the private key.

The private key must be kept secret by the owner. Additional methods, such as procedures involving the entry of user name and password, can further strengthen the security of using this key.

In contrast, the public key is made known to the largest possible number of users. Access via the Internet makes the usability as simple and real-time as possible.

The digital encryption of information using asymmetric keys is always oriented towards the recipient. The decisive factor is that a defined recipient can decrypt the message and no other recipient can do this.

For this purpose, the digital information is encrypted with the freely accessible public key of the recipient. As is well known, decryption is not possible with the public key or with a key of another pair. Only the private key of the recipient can decrypt the digital information.

The disadvantage of this procedure is that the recipient cannot determine the identity of the sender.

To sign digital information, at least the hash value of the information is encrypted with the signer’s private key. The hash value can be decrypted with the freely accessible associated public key. The possibility of decryption proves the authenticity of the signer and that the digital information has not been changed after the time of signature. The recalculation of the hash value from the digital information proves that the digital signature belongs to the digital information.