Digital signatures are a method of authenticating digital information, in the same sense that an individual signing a paper document (or applying the seal of an organization) authenticates it.

A digital signature is itself simply a sequence of bits conforming to one of a number of standards in the area.

Most digital signatures rely on public key cryptography to work, and a basic understanding of the principles of these systems is required to understand how digital signatures work. Consider the case of two people, Alice and Bob. Bob wants Alice (and other people, for that matter) to be able to send secret messages to him. To do this, Bob generates a key pair consisting of two related "keys". One key, called the public key, can easily be computed from the other, called the secret or private key; but it is impractical, even for a well-funded organization, to compute the private key from the public key. Bob keeps his private key secret, and publishes his public key (on his webpage, for example, or by sending it to a keyserver).

Alice retrieves Bob's public key and scrambles or encrypts the message with it. Once encrypted with the public key, it cannot be descrambled or decrypted without the private key, so any person who intercepts the message cannot read the contents, even with Bob's public key. When Bob receives the message, he decrypts it using his private key. Therefore, the message is kept secret, and Bob and Alice do not need another "secure" channel to exchange a shared key.

The above is a simple outline of the methods, and does not deal with the details of how the key pairs are generated, how they are applied to encrypt and decrypt the message, and what prevents an attacker with access to the scrambled message and the public key from retrieving the unscrambled message or the secret key. See public key cryptography for more details.

The whole system depends on the fact that anyone can transform a message using a public key, but the private key is needed to reverse that transformation. Now consider a different scenario, where Bob wants to send a message to Alice that he wants to prove came from him (but doesn't care whether anybody else reads it). In this case, Bob sends an unscrambled copy of the message to Alice, along with a copy of the message scrambled with his private (not public) key. Alice (or any other recipient) can then check whether the message really came from Bob by unscrambling the scrambled message with Bob's public key and comparing it with the unscrambled version. If they match, the message was really from Bob, because the private key was needed to create the signature and no one but Bob has it. The scrambled copy is a digital signature because anyone can use Bob's public key to verify that Bob created it.

Often, Bob applies a cryptographically strong hash function to the message and encrypts the resulting message digest instead of the entire message, which makes the signature significantly shorter than the message and saves considerable time (since hashing is generally much faster, byte for byte, than public-key encryption). In this case, the scheme may be susceptible to a birthday attack.

To finish: current and future applications, actual algorithms, standards, why not adopted as widely as expected, etc.

Some digital signature algorithms include:

Table of contents
1 Legal aspects
2 Legal cases

Legal aspects

United States

Legislation concerning the effect and validity of digital signatures includes:

Legal cases

Court decisions discussing the effect and validity of digital signatures or digital signature-related legislation: