Digital Signatures: Verifying Integrity and Signing-Key Authority
📑 On this page
- A concrete example: signed software update
- The signing process
- The verification process
- Why hashes are involved
- What a signature proves
- Identity and certificates
- Sign the right context
- Canonical encoding
- Replay protection
- Timestamps
- Code signing
- Document signing
- Key compromise
- Algorithm agility
- Signature versus encryption
- Verify before interpretation or execution
- Knowledge check
- The one idea to remember
When software downloads an update, it needs more than encrypted transport. It needs evidence that the artifact came from an approved publisher and did not change.
A digital signature is created with a private key and verified with the corresponding public key to provide integrity and evidence of signing-key possession.
Trust in the result also depends on connecting that key to the intended signer and protecting the private key.
A concrete example: signed software update
A publisher:
- builds an update,
- computes a cryptographic digest,
- signs the relevant artifact and metadata,
- and distributes the update with its signature.
The operating system verifies the signature with a trusted publisher key before installation. A modified file produces a failed verification.
The signing process
At a high level:
- a cryptographic hash summarizes the data,
- the signature algorithm combines the digest with the private key,
- and the resulting signature travels with the data.
The exact procedure includes algorithm-specific encoding and randomness or deterministic nonce generation. Use established libraries.
The verification process
The verifier receives:
- the data,
- signature,
- public key,
- and algorithm information.
It recomputes the digest and checks the signature. Success means the signature is valid for that data and key under the algorithm.
Verification failure should stop the protected operation, not merely produce a warning that users routinely bypass.
Why hashes are involved
Cryptographic hash functions convert arbitrary-size data into fixed-size digests. A small data change should produce a substantially different digest.
Signing a digest is efficient and binds the signature to the content. But the complete signed format must prevent ambiguity about what fields are included and how they are encoded.
What a signature proves
Given trustworthy key identity and custody, a valid signature supports:
- integrity of signed bytes,
- possession or use of the private key,
- and authorization associated with that key.
It does not by itself prove when the signature was made, who physically pressed a button, or whether the signed statement is true.
Identity and certificates
A verifier must know why it trusts the public key.
Software ecosystems may use certificates, signed key directories, pinned keys, or package-manager trust roots. If an attacker can replace both the artifact and the public key, local signature math offers no protection.
Trust distribution is part of the system.
Sign the right context
A signature over “approve 100” is ambiguous. It should bind:
- currency,
- recipient,
- account,
- transaction identifier,
- environment,
- expiry,
- and protocol version.
Context prevents a valid signature from being replayed for a different purpose.
Canonical encoding
Structured data can have several byte representations: field order, whitespace, number formatting, and Unicode may differ.
Sign a defined canonical representation or a protocol-defined binary encoding. Otherwise sender and verifier may calculate different bytes, or attackers may exploit inconsistent parsing.
Replay protection
A valid old signed command may still be dangerous.
Include nonces, sequence numbers, timestamps, expirations, or unique operation IDs and track their use. A signature proves authenticity of the message, not freshness.
Timestamps
A trusted timestamp service can provide evidence that a signature existed at a certain time.
This matters when a signing certificate later expires or is revoked. Long-term validation may preserve the signature, certificate chain, timestamp, and revocation evidence needed to evaluate historical validity.
Code signing
Code-signing systems should protect:
- source and build pipeline,
- signing service,
- release authorization,
- key access,
- artifact provenance,
- and distribution channel.
Signing malicious output faithfully does not make it safe. Security must begin before the signing step.
Document signing
For contracts or approvals, define what the signer saw, how identity was authenticated, which fields were covered, and how consent was expressed.
Legal significance depends on jurisdiction, process, identity assurance, records, and intent, not only cryptographic validity.
Key compromise
If a signing key is stolen, attackers can produce valid-looking signatures.
Prepare:
- rapid revocation,
- trusted key replacement,
- affected-artifact inventory,
- transparency or audit logs,
- incident communication,
- and verification updates.
High-value signing can require hardware protection and multi-person approval.
Algorithm agility
Signed formats and verifiers should support secure algorithm migration without accepting dangerous downgrade.
Record algorithm identifiers explicitly, reject obsolete combinations, and test interoperability. Long-lived artifacts may need re-signing or archival evidence as cryptographic guidance changes.
Signature versus encryption
A signature does not hide content; anyone may read signed public data. Encryption provides confidentiality.
Systems may sign, encrypt, or do both in a protocol-defined order. They solve different properties and require different key handling.
Verify before interpretation or execution
Signature verification should happen before untrusted content is parsed deeply, installed, or executed whenever the format permits. The verifier should also bind the result to the expected artifact type and trust policy.
A valid signature from a test key must not authorize a production update. A package signature should not automatically authorize a financial instruction. Check signer identity, allowed purpose, environment, version, and policy in addition to the cryptographic result.
Return distinct errors for malformed data, unknown signer, expired trust, revoked key, and invalid signature internally. User-facing messages can remain simple without erasing evidence needed for incident investigation.
Knowledge check
- What inputs are needed to verify a signature?
- What does successful verification prove and not prove?
- Why should signed messages include context?
- How is replay prevented?
- What must happen after signing-key compromise?
The one idea to remember
Digital signatures bind exact data to private-key authority and let others verify integrity with a public key. Their real assurance depends on trusted key identity, protected signing, unambiguous encoding, freshness, revocation, and the wider process around approval.