Digital Signatures

Digital signatures are used to demonstrate the authenticity of a digital message.

Digital signatures employ asymmetric cryptography to prevent messages from being forged or tampered with. Often this is done to allow a layer of validation when sending data through an insecure channel.

For instance, websites often exchange cookies with a user to allow a session to be established. A malicious user may attempt to manipulate a cookie in order to impersonate another user. This kind of attack can be prevented by digitally signing the cookie data being sent out from the website. When the cookie data is submitted back, the digital signature is recalculated. A mismatched signature is evidence of tampering, so the cookie should be discarded.

Digital signatures are also employed to validate downloaded files in many instances.

Further Reading