Rolling Thunder Security CYBERSECURITY FUNDAMENTALS PKI MODULE
Digital Signatures
How public-key cryptography proves a message came from the claimed sender and was not altered in transit. Plaintext to plaintext, end to end.
Sender: Alice. Signs the message.
  ◇ Alice public key
  ◆ Alice private key
Untrusted channel
Receiver: Bob. Verifies the signature.
  ◇ Alice public key

Sender side
  Plaintext message: "Transfer $5,000 to account 4471. -Alice"
  ▶ HASH
  SHA-256 hash: 9f86d081 884c7d65 9a2feaa0 c55ad015...
  ▶ SIGN with private key
  Digital signature: a3f2c8d9 7e4b1a... [encrypted hash]
  Message + signature: plaintext bundled with signed hash

Receiver side
  Plaintext (received): "Transfer $5,000 to account 4471. -Alice"
  ▶ HASH
  Hash (computed): 9f86d081 884c7d65 9a2feaa0 c55ad015...
  ▶ DECRYPT with public key
  Hash (recovered): 9f86d081 884c7d65 9a2feaa0 c55ad015...
  ⇄ COMPARE
  ✓ Signature Valid
  Authenticity · Integrity · Non-repudiation
1 OF 09
Alice has a plaintext message
Alice composes the message she wants to send to Bob. The content is in the clear, readable to anyone who sees it. The goal here is not secrecy; it is proving that Alice wrote the message and that it was not tampered with.
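The flow in the diagram (hash, sign, send, hash again, decrypt with the public key, compare), as an added example that is not part of the original module. It uses Node.js's built-in crypto module with RSA and PKCS#1 v1.5 padding; the key pair, the function names and the tampered message are constructed for illustration.

```javascript
const { generateKeyPairSync, createHash, sign, verify, publicDecrypt } = require('crypto');

// Constructed sample: a throwaway 2048-bit RSA key pair standing in for Alice's keys.
const alice = generateKeyPairSync('rsa', { modulusLength: 2048 });
const sha256 = (data) => createHash('sha256').update(data).digest();

// Sender side: HASH, then SIGN with the private key; bundle plaintext + signature.
function signMessage(plaintext, privateKey) {
  const message = Buffer.from(plaintext, 'utf8');
  // sign('sha256', ...) hashes the message and applies the private-key
  // operation to the PKCS#1 v1.5-encoded digest (Node's default for RSA keys).
  return { message, signature: sign('sha256', message, privateKey) };
}

// Receiver side, spelled out as in the diagram: HASH, DECRYPT with public key, COMPARE.
function verifyByHand(bundle, publicKey) {
  const computed = sha256(bundle.message);
  try {
    // Undo the private-key operation. The result is a DigestInfo structure:
    // an ASN.1 prefix naming SHA-256, followed by the 32-byte hash.
    const digestInfo = publicDecrypt(publicKey, bundle.signature);
    const recovered = digestInfo.subarray(-32);
    return { valid: computed.equals(recovered), computed, recovered };
  } catch {
    return { valid: false, computed, recovered: null }; // padding check failed
  }
}

// What real code should call instead of verifyByHand: the library verifier also
// checks the DigestInfo prefix. ECDSA and Ed25519 never recover a hash at all,
// so only this form carries over to those schemes.
function verifyWithLibrary(bundle, publicKey) {
  return verify('sha256', bundle.message, publicKey, bundle.signature);
}

const bundle = signMessage('Transfer $5,000 to account 4471. -Alice', alice.privateKey);
const tampered = { ...bundle, message: Buffer.from('Transfer $9,000 to account 4471. -Alice') };
console.log('untouched:', verifyByHand(bundle, alice.publicKey).valid, verifyWithLibrary(bundle, alice.publicKey));
console.log('tampered: ', verifyByHand(tampered, alice.publicKey).valid, verifyWithLibrary(tampered, alice.publicKey));
```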