MDN wants to talk to developers like you: https://qsurvey.mozilla.com/s3/8d22564490d8

Signature (security)

A signature, or digital signature, is a protocol showing that a message is authentic.

From the hash of a given message, the signing process first generates a digital signature linked to the signing entity, using the entity's private key.

On receiving the message, the verification process 

  • authenticates the sender - uses the sender's public key to decrypt the signature and recover the hash, which can only be created with the sender's private key, and
  • checks message integrity - compares the hash with a newly calculated one from the received document (the two hashes will differ if the document has been tampered with)

The system fails if the private key is compromised or the recipient is deceitfully given the wrong public key.

Learn more

General knowledge

Technical reference

Document Tags and Contributors

 Contributors to this page: hbloomer, marumari, fscholz
 Last updated by: hbloomer,