What are Digital Signatures on emails and how do they protect me?
Digital Signatures are pretty much what they sound like: the digital
equivalent of signing a document. If you digitally sign a message, it proves
that you, and only you, actually did the signing.
In addition, it also allows the recipient of the message to confirm that the
message wasn’t changed after you signed it.
There is, of course, a catch. And we need to understand just a little about
“public key cryptography”.
Become a Patron of Ask Leo! and go ad-free!
Don’t let the phrase fool you. While public key cryptography is a really,
really complex science, the concepts you need to know to use it are
really, really simple, once you get your brain around one concept.
You’re probably already aware of simple encryption – you take a file, run it
through an encryption tool of some sort that takes a password, and the file is
scrambled using that password. In order to read the file, you need to run the
file through the decryption tool, and you must supply the correct password
again. This is called “symmetric” encryption, because you use the same password
to encrypt, and then to decrypt the file.
really complex science, the concepts you need to know to use it are
really, really simple…”
Enter asymmetric encryption. With this type of encryption,
you use one password (now called a key) to encrypt your data, but then you
use a different key to decrypt it.
Think about that for a moment, because it’s not at all obvious.
That means that I might encrypt a file using a key, say “rubberduck”, but in
order to decrypt that file, you need to supply a different key, say “platypus”.
(“rubberduck” and “platypus” are just simple examples, and not actual, working,
Now, not just any two keys will do. These two keys go together. Only
“platypus” can decrypt something that was encrypted using “rubberduck”. And,
very conveniently, the opposite works as well: if you encrypt something using
“platypus”, only “rubberduck” can decrypt it. These keys must be chosen, or
rather, mathematically generated as a pair, in order for this relationship to
hold. Together they are a key pair.
Here’s where things get interesting.
What if I generated my pair of keys, and I keep one secret, and told the
world the other one? Let’s say I keep “rubberduck” a secret – no one knows
that’s the key that matches “platypus”. But I tell world that my “public key”
is “platypus”. Here’s what that enables:
Someone can encrypt a message to me, using my public key (“platypus”), and
know that only I can decrypt it. Because only I know that “rubberduck”
is the matching key that will decrypt something encrypted with “platypus”.
I can encrypt a message using my private key (“rubberduck”), and anyone can
decrypt it with my public key (“platypus”). Sounds pointless if anyone can
decrypt it, until you realize that since they can, they know the message
came from me. Only I have the private key that matches, only I can encrypt
something that would be decryptable with my public key.
But so far, that’s all been “encryption”, not “signing”. One more concept is
We now need to understand something called a “hash”. As a VERY simple
example, let’s say I assigned a value from 0 to 255 for every character in the
alphabet, every symbol, and every number that might appear in a text message.
Now, I take a message and I add up all the numbers corresponding to all the
characters in that message. The resulting number is a “hash value” of that
Now, just adding up the numbers happens to be a very poor hash algorithm,
because it’s easy to get two different messages to generate the same hash
value, and it’s also easy to alter a message to get the hash value you want.
Change one ‘a’ to a ‘b’, and anther ‘z’ to a ‘y’, and the hash of the message
might well calculate to exactly the same value.
Enter the “sha” algorithm. This is a complex mathematical algorithm that has
the following two properties:
It’s statistically extremely unlikely that an sha hash of two
different messages would ever generate the same hash value
It’s effectively impossible to generate or alter a message to generate a
specific, desired, sha hash value.
There are other hash algorithms besides sha – md5 being the most common.
Now let’s pull this together for signing…
After you’ve composed an email message, and you digitally sign it, this is
an sha hash of your email message is calculated
that sha hash is then encrypted using your private key
the encrypted sha hash is then appended below your email message.
Your recipient can then validate your message by:
decrypting the sha hash using your public key – if that works, they
know the message came from you
calculating the sha hash of the message, and comparing their result to the
decrypted sha hash that you included as your signature. If the hash values
match, they know that the message was not altered.
One question that typically comes up is this: why not just encrypt the
Absolutely you can do that. In fact, if you want to maintain absolute
security about the contents of your message, that’s exactly what you must
But for situations where that type of security is not required, digital
signing of this form adds very little overhead, gets you the validation you
want, and allows your recipient to still read the message immediately, without
Here’s an example of a signed message:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is an example of signed email. Leo - ------------------------------------------------------------------------ Tech Questions? Get Answers: http://ask-leo.com Suffering from Email Overload? http://www.tamingemail.com Sooner or later, the jokes stop here: http://www.forwardedfunnies.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFErFtgCMEe9B/8oqERAupmAKCLH0gSQUJjXQd/SYfjAWAaP/I6mwCgiAT1 1Rpc2RK7GB29LToJfPrYOwg= =z7A1 -----END PGP SIGNATURE-----
You can see that I’m using GnuPG as my encryption tool. It includes the
original message, and below it, the appended digital signature.
And here’s my public key (my real-world equivalent to “platypus”,
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.0 (MingW32) mQGiBEAMxJ8RBACLpXeaL3xmp2nm4Np8FE0Ew33a8ARq19Nlny/c5+PbUy5SDTLC VKL9+yUo6BkB15fsAVfaR9boExE6qY0XO5ikplzsqVgZIRLOxC7/3/RyelKPaBAV RK4J8tq0SjFpFW3RyIvBUYxYpRdRKqchZ1MudjXiltPFNHrHSZB4qvDbQwCgkCRw SrbcNfD9Cktzlg6rWvTXApcD/3/6THdi+FIM1ibLUhp8+RQPDRomXCjCugJReQe9 BAG8DaG9w/BtbrjLYcrIklK9xW9fQWNIga24NCaaam5JjbWBz9O0MKdpuG/FSJen g9isVUx3GEMUslMYuF+6Hiojbs5AWs6PGBpR8Xtfx2TRKnw/z+RIoqMlXHMo5DjK TmOgA/0VGhD5JPSKjvL6y8jMaqn0Z+hS5DPl5qJJ/4/s0k0C4IEvA9lwcDgBL78w hhz3vfCazMfQcWkb/u9voyzl1M6OANf/NZ77QXLWPmW5iyOI0mEo7S9vlzsIRnDw G9s3NYwR2W4qYY9RfvKSVJnJiTWTke+uOsB3cv3KP64A+chpqLQhTGVvIE5vdGVu Ym9vbSA8bGVvQG5vdGVuYm9vbS5vcmc+iF4EExECAB4FAkK0xusCGwMGCwkIBwMC AxUCAwMWAgECHgECF4AACgkQCMEe9B/8oqHQxQCfQFvVYEP2PXweI/rYag0TzC6D a/IAn3NnbgW2bPBq0OhHzcRsnoaQRNuCtCpMZW8gQS4gTm90ZW5ib29tIDxsZW9A ZG9sbHNhbmRmcmllbmRzLmNvbT6IXgQTEQIAHgUCQAzEnwIbAwYLCQgHAwIDFQID AxYCAQIeAQIXgAAKCRAIwR70H/yioQX5AJ9ourcC3wEziET3ad3U5sifyiBjHgCe L8RJ1sbIDJONZE9s92PzLGtI1Fe0LUxlbyBBLiBOb3RlbmJvb20gPGxlb0BwdWdl dHNvdW5kc29mdHdhcmUuY29tPoheBBMRAgAeBQJECOpWAhsDBgsJCAcDAgMVAgMD FgIBAh4BAheAAAoJEAjBHvQf/KKhHC8An3quXcx18qdBtBP+/ZWSPyh+DsKHAJkB WtjBL19qvXgubF+fe8AVITzrr7kBDQRADMShEAQAySWtJ0ySYcNBCPePEsZyA2uW ljCgkgUaJZAwQPwMAVKAQgMXmcexn3P49X99gKU7YfiyeABJCF/ZXTFiSLiJRGsM /mNZJ+T1+nxXM3OzQsRCwg24cK7zBiUh5xIiq1kqKC6Gcr8tS3YVr2UOut+S9cnD VndVRnjQzVc4QAJ+JNMAAwUEAIJvn1Qbjh9XKh43QXrmm0Ms+YrmWNtJ7uCgrd8A dHLWKTgaYc2/rDW/MhYf0ZL5Xlf+nojG3saj4qdvY5LtJy6Yz1LBDZ+cUm5mb3No viHGwjGue+fCeD5YkmFEEASPwCt2iuADowH46rPPQbEbw/NYCIHDGlFj/EgCaPjq aFg9iEkEGBECAAkFAkAMxKECGwwACgkQCMEe9B/8oqEyKACeMBH8qLMAy5WVB2VQ /aHodrSTv64An1udEMkuuub3Ybuo3JhHMjnbixWc =0j0h -----END PGP PUBLIC KEY BLOCK-----
(You can see that public/private keys used for digital signing are much more
involved that simple passwords like “rubberduck” or “platypus”.)
Using that public key, you can now verify my signature. Since only I have
the matching private key, only I could have encrypted the hash of the message,
and hence only I could have signed it.
Public key encryption, and digital signing is some heavy duty computing.
Heavy duty enough that when used properly it’s considered one of the most
secure ways to encrypt data and verify identity in the digital world.
The good news, though, is that while the mathematics is complex and the
computing is quite involved, you only really need to deal with the much more
simple, high level concepts.