Digital signatures are quite interesting and it works like this:

STEP 1:

the document is converted into a fixed-size string of bits, called hashing. The key point to remember about hashing is that hashing the same original input will always produce this same number, but this number cannot be reconstructed into its original input.

We do this so that the document can be arbitrarily long without needing to work with a huge number in the next step.

​

STEP 2:

we encrypt this hash with a private key and attach it to the document. We also attach the corresponding public key.A private/public key pair is unique, and has the property such that

* only the public key can decrypt something the private key encrypted and vice versa.
* It is also impossible to compute the public key from the private key and vice versa.

​

STEP 3:

anyone wishing to verify that the person who signed the document is in possession of the private key that corresponds to the attached public key can attempt to decrypt the encrypted hash.

If they are successful, this proves 2 things: the person who signed it is the owner of the public key, and the document has not been modified since it was signed (this is because if it was modified, it would produce a different hash than the one we decrypted).

​

STEP 4:

we look up the public key on some service. For example, websites use certificate authorities to check to see which website owns which public key.