Simply put, a digital signature is some data attached to a data unit, or a cryptographic transformation of a data unit. This data or transformation allows the receiver of the data unit to confirm the source and integrity of the data unit and protect the data from being forged by people (such as the receiver). It is a method of signing electronic messages, and a signed message can be transmitted in a communication network. Digital signature can be obtained based on both public key cryptosystem and private key cryptosystem, and at present, digital signature based on public key cryptosystem is the main one. Include general digital signature and special digital signature. Common digital signature algorithms include RSA, ElGamal, Fiat-Shamir, Guillou-Quisqour, Schnorr, Ong-Schnorr-Shamir, Des/DSA, elliptic curve digital signature algorithm and finite automata digital signature algorithm. Special digital signatures include blind signature, proxy signature, group signature, undeniable signature, fair blind signature, threshold signature, signature with message recovery function, etc. It is closely related to the specific application environment. Obviously, the application of digital signature involves legal issues, and the federal government of the United States has formulated its own digital signature standard (DSS) based on the discrete logarithm problem over a finite field. Some countries, such as France and Germany, have enacted digital signature laws.

there are many ways to realize digital signature. at present, public key encryption technology is widely used in digital signature, such as PKCS (public key cryptography standards), Digital Signature Algorithm, x.59 and PGP(Pretty Good Privacy) based on RSA Date Security company. In 1994, American Institute of Standards and Technology published the digital signature standard, which made public key encryption technology widely used. The public key encryption system adopts asymmetric encryption algorithm.

At present, digital signature is based on public key system, which is another application of public key encryption technology. Its main way is that the sender of the message generates a 128-bit hash value (or message digest) from the message text. The sender encrypts this hash value with his own private key to form the sender's digital signature. Then, this digital signature will be sent to the receiver of the message as an attachment to the message. The receiver of the message first calculates the 128-bit hash value (or message digest) from the received original message, and then decrypts the digital signature attached to the message with the public key of the sender. If the two hash values are the same, the receiver can confirm that the digital signature belongs to the sender. The original message can be authenticated by digital signature.

Signing a written document is a means to confirm the document, which has two functions: first, it is difficult to deny one's signature, thus confirming the fact that the document has been signed; Second, because the signature is not easy to counterfeit, the fact that the document is true is confirmed.

There are similarities between digital signature and written document signature. Using digital signature can also confirm the following two points: First, the information was sent by the signer; Second, the information has not been modified since it was issued until it was received. In this way, digital signature can be used to prevent electronic information from being falsified because it is easy to be modified, or from sending information in the name of others. Or send (receive) a letter and then deny it.

there are three widely used digital signature methods, namely, RSA signature, DSS signature and Hash signature. These three algorithms can be used separately or together. Digital signature is realized by encrypting and decrypting data through cryptographic algorithm, and digital signature can be realized by DES calculation and RSA algorithm. But all three technologies are more or less flawed, or there are no mature standards.

The biggest convenience of using RSA or other public key cryptography algorithms is that there is no key distribution problem (the more complex the network and the more network users, the more obvious its advantages). Because public key encryption uses two different keys, one of which is public and the other is secret. The public key can be stored in the system directory, in the unencrypted e-mail message, on the yellow pages of the telephone (commercial telephone) or on the bulletin board, and any user on the Internet can obtain the public key. The private key is user-specific and held by the user himself, which can decrypt the information encrypted by the public key.

the digital signature technology in RSA algorithm is actually realized by a hash function. The characteristic of digital signature is that it represents the characteristics of a file. If the file changes, the value of digital signature will also change. Different files will get different digital signatures. One of the simplest hash functions is to accumulate the binary codes of the file and take the last few bits. Hash function is public to both parties who send data. Only by adding digital signature and verification can the secure transmission on the public network be truly realized. The file transfer process with digital signature and verification is as follows:

The sender first obtains the digital signature from the original text with a hash function, and then encrypts the digital signature with the private key of the developed party with a public key system, and appends the encrypted digital signature to the original text to be sent;

the sender selects a secret key to encrypt the file and transmits the encrypted file to the receiver through the network;

the sender encrypts the secret key with the public key of the receiver, and transmits the encrypted secret key to the receiver through the network;

the receiver decrypts the key information with its own private key to obtain the plaintext of the secret key;

the receiver decrypts the file with the secret key to obtain an encrypted digital signature;

the receiver decrypts the digital signature with the public key of the sender to obtain the plaintext of the digital signature;

the receiver recalculates the digital signature with the obtained plaintext and hash function, and compares it with the decrypted digital signature. If the two digital signatures are the same, it means that the file was not destroyed during transmission.

if a third party sends a file pretending to be the sender, because the receiver uses the sender's public key when decrypting the digital signature, as long as the third party doesn't know the sender's private key, the decrypted digital signature and the calculated digital signature must be different. This provides a safe way to confirm the identity of the sender.

a secure digital signature enables the receiver to be assured that the file really comes from the purported sender. Since the private key of the signature is only kept by the sender himself, and no one else can make the same digital signature, he cannot deny that he participated in the transaction.

Although both the encryption and decryption processes of digital signature and private key use public key system, the implementation processes are just the opposite, and the key pairs used are also different. Digital signature uses the sender's key pair, the sender encrypts with its own private key, and the receiver decrypts with the sender's public key. This is a one-to-many relationship: anyone who owns the sender's public key can verify the correctness of the digital signature, while the encryption and decryption of the private key uses the receiver's key pair, which is a many-to-one relationship: anyone who knows the receiver's public key can send encrypted information to the receiver, and only the only person who owns the receiver's private key can decrypt the information. In practice, a user usually has two key pairs, one for encrypting and decrypting digital signatures and the other for encrypting and decrypting private keys. This method provides higher security.