With encryption systems, you generally have three options:

• Send an encrypted message with a digital signature. This is done when the message is confidential and verification is required.
• Send an encrypted message without a digital signature. Doing this means the message doesn’t require verification of the sender, but requires confidentiality.
• Send an unencrypted message with a digital signature. It doesn’t matter who sees the message so long as the recipient knows the message is from you.

To illustrate the use of encryption methods with a digital signature, we’ll use the example of Susan who wants to send you a signed document.

First, Susan creates her message. Once it’s finished she uses her software to encode the message data into a smaller version through a process called “hashing”. This hashed version is called a message digest. Next, the message digest is, in turn, encrypted with her private key that is specific only to her. The resulting encryption of the message digest is Susan’s digital signature. Lastly, this digital signature is finally attached to the original document and sent to you.

On receiving the document, your computer software (with Susan’s public key code) verifies the document and signature by verifying the message digest. The signature is first decrypted using Susan’s public key. If successful, this process would change it back into its message digest form, confirming for you that it was hashed with the corresponding private key. In addition, your software would check the document by hashing the document data into a message digest with the public key, testing to see if the digest matches the one resulting from the signature decryption.

Although this process may seem complicated, on screen the validation process is done through the simple click of a button.