Digital Signature Technology

The technology that makes digital signatures and encryption work is based on a type of cryptography that uses computer-generated pairs of numbers that have a mathematical relationship to each other. The mathematical relationship is known to the software embedded in your computer, but it's not something that you see. This technology is called Public Key Infrastructure (PKI), and it has been in use for 22 years. It's the same technology that allows the secure transmission of your credit card number when you order something online over a secure connection.

Once you have your digital ID (identifying information about you linked to your public key), you can create digital signatures. You need someone else's digital ID to encrypt the documents you send them. While you are clicking on icons in your application program, the under-the-covers process of creating a digital signature works like this:

	Your application software (Microsoft, Netscape, or other browsers email and application programs) executes an algorithm (a mathematical formula) on the document or email message that you want to send, reducing it to a 160-bit string of information. No two documents will convert to the same 160-bit value. This process is called hashing, and the 160-bit value is called a hash. The hash gets encrypted using your private key. The encrypted hash is sent or stored, along with your digital ID, which has your public key in it, and the original document. The recipient receives the document, along with the other information, and the recipient's application program hashes the hash message. The recipient's application program also decrypts the encrypted hash of the original document, using the public key in the sender's digital ID. It can decrypt the document with the public key, although it was encrypted with the sender's private key, because the two keys are mathematically related, and the mathematical formula is programmed in the software. The application program checks to see if the two hashes match. When they do, the application program recognizes a valid digital signature.
You can encrypt messages and documents with or without signing them. The encryption process is separate from the digital signature process, and requires that you have the digital ID of the intended recipient of an encrypted document. The under-the-cover process of encrypting works like this:
	Your application program takes your document or message and encrypts it using a formula that is programmed into your software. It's a formula (called Triple-DES) that uses a random-number key that the software is programmed to generate. Your application program then encrypts that random-number key using a different encryption algorithm and the recipient's public key. When the recipient receives the encrypted message, the recipient's software uses its own private key to decrypt the encrypted Triple-DES key. It can decrypt using its private key because of the mathematical relationship of the public-private key pair. Using the decrypted key, the application program decrypts the document or message.
	Additional information about digital signatures can be viewed here.

Dr. Pierce Howard is ResumeFit’s Chief Science Officer and creator of the WorkPlace Big Five Profile. He has been an Organizational Psychologist since receiving his degree from UNC in 1972. he has written a number of books, including The Owner’s Manual for the Brain: Everyday Applications from Mind-Brain Research. He and his book were featured on “The Oprah Winfrey Show" in May 1997.