Digital signature of digital certificate
Using the hash algorithm agreed on by both parties, a fixed-length message digest is computed from the message. Mathematically, if any bit of the message changes, the recalculated digest will not match the original value. This ensures the integrity of the message.

The sender encrypts the message digest with the sender's private key (there is no problem in applying decryption to plaintext; the result is simply an unreadable "plaintext") and then sends it to the receiver together with the original message. The encrypted digest is called a digital signature.

After receiving the digital signature, the receiver uses the same hash algorithm to calculate the message digest of the original message, and then compares it with the digest obtained by decrypting the digital signature with the sender's public key (the signature was encrypted earlier, so it is decrypted here). If the two values are equal, the message really comes from the claimed sender.

(Because only the signer, who owns the private key, can generate a signature by decrypting the digest, the signature is secure and undeniable.)

Then why encrypt the message digest instead of the original message? Because RSA encryption and decryption are very time-consuming: the larger the message being encrypted, the more time it takes. Encrypting the digest achieves the same effect at far lower cost, because the message digest is much smaller than the original message. This is why the extra message-digest step exists.
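
The sign and verify steps described above, as an added example that is not part of the original page. It uses textbook RSA without padding, which is what "encrypting the digest with the private key" amounts to; real signatures use a padded scheme such as RSASSA-PSS from a vetted library. The key is a constructed toy key, and all function names are hypothetical.

```python
import hashlib

# Constructed toy key for illustration only: two well-known Mersenne primes.
# Never use structured primes or unpadded RSA for real signatures.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                            # public modulus (about 648 bits)
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)


def digest_int(message: bytes) -> int:
    """Fixed-length SHA-256 digest of the message, as an integer below N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sender: apply the private-key operation to the digest, not the message."""
    return pow(digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: recompute the digest and compare it with the value recovered
    from the signature using the sender's public key."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest_int(message)


def flip_bit(message: bytes, bit: int) -> bytes:
    """Return a copy of message with a single bit inverted."""
    data = bytearray(message)
    data[bit // 8] ^= 1 << (bit % 8)
    return bytes(data)


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"   # constructed sample message
    sig = sign(msg)
    print("valid signature accepted:", verify(msg, sig))
    print("one flipped bit accepted:", verify(flip_bit(msg, 0), sig))
    # The RSA operation always works on a 256-bit digest, so a 1 MB message
    # costs one hash pass plus one modular exponentiation.
    big = b"A" * 1_000_000
    print("1 MB message verifies   :", verify(big, sign(big)))
```
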