Digital Signatures

How a private key signs and anyone with the public key verifies authenticity.


Beyond Shared Secrets

HMAC proves authenticity but requires both sides to share a secret. A digital signature removes that limit using asymmetric keys, so anyone can verify without holding the signing secret.

How Signing Works

The signer hashes the message and transforms that digest with their private key to produce a signature. Anyone with the matching public key can verify that the signature corresponds to the message and could only have come from the private key holder.

This gives three properties:

  • Authenticity, since only the private key could create a valid signature.
  • Integrity, since any change to the message breaks verification.
  • Non-repudiation, since the signer cannot later deny a valid signature they alone could produce.

Signatures underpin software updates, certificates, and signed tokens. Protect the private key carefully, because anyone who steals it can forge signatures.
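
The sign and verify flow above, as an added example that is not part of the original lesson. It uses ECDSA P-256 with SHA-256 from Node's built-in crypto module; the helper names (newSigner, verifySignature, leakPrivateKeyPem, demo) and the sample messages are assumptions made for illustration.

```javascript
// Added example (not from the original lesson): ECDSA P-256 with SHA-256,
// using only Node's built-in crypto module. Messages are constructed samples.
const crypto = require('node:crypto');

// Signer: generates a key pair and keeps the private key to itself.
function newSigner() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
  });
  return {
    // The only thing a verifier ever receives from the signer.
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // Hashes the message with SHA-256 and signs the digest.
    sign: (message) => crypto.sign('sha256', Buffer.from(message), privateKey),
    // Hypothetical helper, present only so the demo can model a leaked key file.
    leakPrivateKeyPem: () => privateKey.export({ type: 'pkcs8', format: 'pem' }),
  };
}

// Verifier: holds the public key only, never a shared secret.
function verifySignature(publicKeyPem, message, signature) {
  const publicKey = crypto.createPublicKey(publicKeyPem);
  return crypto.verify('sha256', Buffer.from(message), publicKey, signature);
}

function demo() {
  const vendor = newSigner();
  const other = newSigner();
  const message = 'release=app-2.0 channel=stable'; // constructed sample
  const signature = vendor.sign(message);

  // A second party holding a copy of the private key signs as the vendor.
  const copiedKey = crypto.createPrivateKey(vendor.leakPrivateKeyPem());
  const otherMessage = 'release=app-2.1 channel=stable'; // constructed sample
  const copiedKeySig = crypto.sign('sha256', Buffer.from(otherMessage), copiedKey);

  return {
    authentic: verifySignature(vendor.publicKeyPem, message, signature),
    tampered: verifySignature(vendor.publicKeyPem, message + '!', signature),
    wrongKey: verifySignature(other.publicKeyPem, message, signature),
    copiedKey: verifySignature(vendor.publicKeyPem, otherMessage, copiedKeySig),
  };
}

console.log(demo());
```

The last result is the reason for guarding the private key: verification checks only that the key was used, so a signature made with a copied key is indistinguishable from the owner's.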

Key idea

A digital signature uses a private key to sign and a public key to verify, giving authenticity, integrity, and non-repudiation without sharing a secret, so guard the private key above all.

Check yourself


1. Who can verify a digital signature?

2. What property lets a signer not deny a valid signature?

3. What is the consequence of a stolen signing private key?