Simply put, the so-called digital signature is some data attached to the data unit, or the cryptographic transformation of the data unit. This kind of data or transformation allows the receiver of the data unit to confirm the source and integrity of the data unit, and protects the data from being forged by people (such as the receiver). This is a method of signing an electronic message, and the signed message can be transmitted in a communication network. Digital signature can be obtained based on both public key cryptosystem and private key cryptosystem. At present, digital signature is mainly based on public key cryptosystem. Include general digital signature and special digital signature. Common digital signature algorithms include RSA, ElGamal, Fiat-Shamir, Guillou-Quisqour, Schnorr, Ong-Schnorr-Shamir, Des/DSA, elliptic curve digital signature algorithm and finite automaton digital signature algorithm. Special digital signatures include blind signature, proxy signature, group signature, undeniable signature, fair blind signature, threshold signature, signature with message recovery function and so on. It is closely related to the specific application environment. Obviously, the application of digital signature involves legal issues, and the federal government of the United States has formulated its own digital signature standard (DSS) based on the discrete logarithm problem over a finite field.

Digital signature technology is a typical application of asymmetric encryption algorithm. The application process of digital signature is that the sender of the data source encrypts the data checksum or other variables related to the data content with his own private key to complete the legal "signature" of the data, and the receiver of the data interprets the received "digital signature" with the public key of the other party, and uses the interpretation result to check the integrity of the data to confirm the legality of the signature. Digital signature technology is an important technology to confirm identity in the virtual environment of network system, which can completely replace the "autograph" in the real process and get technical and legal protection. In the management of public and private keys, the application of digital signature is just the opposite of PGP technology for encrypting emails. In the application of digital signature, the sender's public key is easy to obtain, but his private key needs to be kept strictly confidential.

The main functions of digital signature are: to ensure the integrity of information transmission, to authenticate the identity of the sender, and to prevent denial in transactions.

Digital signature technology encrypts abstract information with the sender's private key and sends it to the receiver together with the original text. The receiver can decrypt the encrypted digest information only with the sent public key, and then generate the digest information for the received original text with a hash function, and compare it with the decrypted digest information. If they are the same, it means that the received information is complete and has not been modified during transmission, otherwise it means that the information has been modified, so the digital signature can verify the integrity of the information.

Digital signature is an encryption process and digital signature verification is a decryption process.

Personal secure e-mail certificate with digital signature function is a kind of user certificate, which refers to the certificate that unit users must have when using certificate mechanism to ensure the safety of sending and receiving e-mail. Personal secure e-mail certificate is a digital security certificate conforming to x.509 standard. By combining digital certificate and S/MIME technology, ordinary e-mail is encrypted and digitally signed to ensure the security, confidentiality, sender identity confirmation and non-repudiation of e-mail content. Personal secure e-mail certificate with digital signature function includes the e-mail address of the certificate holder, the public key of the certificate holder, the issuer (Henan CA) and the signer's signature on the certificate. The realization of the function of personal secure e-mail certificate depends on whether the e-mail system used by users supports the corresponding functions. At present, MS Outlook, Outlook Express, Foxmail and Henan CA secure mail systems all support corresponding functions. Personal security e-mail certificate can be used to send and receive encrypted and digitally signed e-mail, which ensures the confidentiality, integrity and non-repudiation in e-mail transmission and the authenticity of the identities of all parties in e-mail communication.