Digital signature cryptography is a relatively new concept, but the mechanics are ancient.
Like all encryption, it starts with a basic concept: A message or string of information is scrambled into a form that can be deciphered only an authorized reader.
An encrypted message is unreadable unless you have a "key," essentially a code book or formula used to translate the garbled message back into readable language. These keys are at the heart of today's digital signature technology.
Traditional encryption required that the sender and receiver have the same key. But digital signatures use a relatively new scheme, public key cryptography. This gives each user two digital keys, one public and one private. Here's how it works:
You purchase a "digital certificate" from a vendor such as Verisign or Arcanvs who serves as a "certificate authority" responsible for assuring the identity of the certificate holder. This is a computer-based record that contains your identification information and the public key used to verify your digital signature (a unique, random sequence of more than 50 characters). At the same time, you receive a "private" key that only you know.
The process starts by analyzing the document you're sending and creating a mathematical "hash," which is yet another string of characters that's much shorter than your message but is still unique. When you "sign" a document electronically, your browser or e-mail program uses your private encryption key to encrypt this hash to form your digital signature.
Your correspondent gets the message, plus a "digital" package that includes your certificate (containing your name and public key) and your digital signature. His software checks with the issuer of your digital certificate to make sure you're registered, then uses your public key to decrypt the signature. If this matches the message hash, the message came from you.
By using your public key to decrypt the "hash" of the message itself and compare it with the hash the receiver computes, the software can determine that the message was not altered. If a single comma or period was changed, the hashes won't be the same.