Electronic signatures

Introduction to the concept of electronic signatures

The paradigm of electronic signatures (also called digital signatures) is a process that makes it possible to guarantee the sender's authenticity (authentication function) and verify the integrity of the received message.

Electronic signatures also feature a non-repudiation function, that is, they make it possible to ensure the sender really sent the message (in other words, they keep the sender from denying he sent the message).

What is a hash function?

A hash function is a function that makes it possible to obtain a hash (also called a message digest) of a text, that is, a fairly short series of characters representing the text it hashes. The hash function must be such that it associates just one hash with a plaintext (this means the slightest modification to the document will cause its hash to be modified). Moreover, it must be a one-way function so the original message cannot be retraced from the hash. If there is a way to find the plaintext from the hash, the hash function is said to have a "trapdoor".

creating a document\'s fingerprint using a hash function

As such, the hash can be said to represent the document's fingerprint.

The most widely used hash algorithms are:

  • MD5 (MD meaning Message Digest). Developed by Rivest in 1991, MD5 creates a 128-bit fingerprint from a randomly sized text by processing it in 512-bit blocks. It is common to see downloaded documents from the Internet accompanied by an MD5 file: this is the document's hash that makes it possible to verify the document's integrity)
  • SHA (for Secure Hash Algorithm) creates fingerprints that are 160 bits long.
  • SHA-1 is an improved version of SHA dating from 1994 and producing a 160-bit fingerprint from a message with a maximum length of 264 bits by processing it in 512-bit blocks.

Integrity verification

By sending a message along with its hash, it is possible to guarantee a message's integrity, that is, the recipient can make sure the message was not altered (intentionally or by chance) during the communication.

ensuring integrity using the document\'s fingerprint

When receiving the message, the recipient simply has to calculate the received message's hash and compare it with the hash accompanying the document. If the message (or the hash) was falsified during the communication, the two fingerprints will not match.

Data sealing

Using a hash function makes it possible to verify that the fingerprint corresponds to the received message, but nothing proves the message was actually sent by the person claiming to be the sender.

To guarantee the message's authenticity, the sender simply has to encrypt (we generally say sign) the hash using his private key (the signed hash is called a seal) and send the seal to the recipient.

document sealing function

When receiving the message, the recipient simply has to decrypt the seal with the sender's public key, then compare the hash obtained with the hash function with the hash received as an attachment. This seal creation function is called sealing.

More information

Ask a question
CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM.net. CCM reaches more than 50 million unique visitors per month and is available in 11 languages.
This document, titled « Electronic signatures », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).

Subscribe To Our Newsletter!

The Best of CCM in Your Inbox

Subscribe To Our Newsletter!