What's the difference between a Digital Signature and a Public Key?

What’s the difference between a Digital Signature and a Public Key? Aren’t they both the same thing?

As far as I’m aware, when I sign an e-mail, it attaches a copy of my Public Key to the e-mail. This is why I believe that the Digital Signature and the Public Key are just two names that mean the same thing… Please tell me if I am wrong.

Thanks.

P.S. Please hurry. I need this information for my Video Tutorial, which is about 65% finished.

No, a digital signature is not the same as a public key.

You need a secret/public key pair to digitally sign a document. Further, the cryptographic algorithm used has to provide the following property:

decrypt(encrypt( plaintext )) = plaintext = encrypt(decrypt( plaintext ))

encrypt: Applying the public key with a mathematical formula to the argument
decrypt: Applying the secret key with a mathematical formula to the argument

While the left equation holds for any encryption, the right equation is what makes digital signing possible.

The public key is needed to verify the digital signature; this is the reason why it’s attached to every signed mail.

Basically, a digital signature works the following way:

  • A checksum of the text you want to sign is calculated
  • The secret key is applied to the checksum (“encryption” with the secret key)
  • The encrypted checksum is added to the mail

To verify a signature:

  • Calculate the checksum of the text
  • Apply the public key to the attached encrypted checksum (look at the right equation)
  • Compare whether the checksums are equal

Then you know:

  • The owner of the secret key is the sender of the message, because he’s the only person who knows the secret key and can therefore encrypt the checksum with it.
  • The text wasn’t changed, because the checksums are equal and no other person can produce a secret-key-encrypted checksum after modifying the text.

Regards,
Michael

I think I’ve Gotchya’! :-TU

Question:
Is the Digital Signature the Encrypted Checksum?

Yes :)

Thanks again, Mike. Everything is crystal clear now! ;D :-TU

If anyone is having difficulty understanding this, please look at the diagram below and note that the ‘Encrypted Message Digest’ is the same thing that Mike called the ‘Encrypted Checksum’ (AKA the ‘Digital Signature’)…

Image Source: 9.3.3. Digital signatures: Integrity in public-key systems

http://gdp.globus.org/gt4-tutorial/multiplehtml/images/security_concepts_digitalsig.png