



With the question as to what a digital signature is posted under the submission about the legality of digital signatures in Ireland, I thought that I would compose a brief explanation of what they are. (At least until I need to get some work done).
If you are interested in a brief introductory explanation, please read on. This is not intended to be perfect or faultless, just a low enough level explanation that someone unfamiliar with encryption technology can understand it.
First, to understand what a digital signature is, you have to understand what a hash function is. A hash function is a function that is run on data and returns different data. That is about the best way to describe it. A one-way hash is a function that, once run, cannot be worked backwards to get the data back in its original form. In digital signatures, there are 2 hashes run. The first condenses the document being signed into a much shorter form, in order to save space. This is not compression; the data cannot be restored. It just produces data that can be linked to the original in some way and that takes up less space. Next, the condensed form is encrypted, using the private key from a method of public key encryption.
What is public key encryption, you may ask? Public key encryption is a form of encryption in which there are 2 keys (usually). One key is private, the other is public. Files encrypted using one key can only be decrypted using the other. The keys are interchangeable, i.e., you can say, this one is my public key, and this one is my private key.
The advantage to this is that you do not have to protect the public key. You can post it on the web, and there is no (easy) way to figure out what your private key is in this process. This has to do with the keys being generated by a function involving a number that is the product of 2 large prime numbers. Factoring the product of 2 large primes is what in math is referred to as a "hard problem," or one that is impossible to solve quickly (as far as we know).
On to the fun part. Now, your document has a digital signature on it (remember, we condensed and encrypted it). Anybody that it is being sent to, or that wishes to verify that you signed it, needs to do the following things. First, decrypt the signature. This is easy (remember, they can decrypt things encrypted with your private key by using your public key). Next, they take the original and run the same condensing function on it. If the 2 condensed versions are the same, you have a validly signed document that is now legally binding in Ireland.
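The sign-and-verify steps described above, as an added example that is not part of the original post: a toy Python sketch that uses SHA-256 as the condensing function and textbook RSA as the public key method. The primes, function names and sample documents are made up for illustration; real signatures use much larger secret random primes and a padding scheme.

```python
import hashlib

# Toy key built from two well-known Mersenne primes so the arithmetic is visible.
# Far too small (and far too public) for real use.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                           # public modulus: product of the two primes
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent; computing it needs P and Q

def condense(document: bytes) -> int:
    """Step 1: one-way hash of the document, reduced to fit under the modulus."""
    digest = hashlib.sha256(document).digest()
    return int.from_bytes(digest, "big") % N

def sign(document: bytes) -> int:
    """Step 2: encrypt the condensed form with the private key (D, N)."""
    return pow(condense(document), D, N)

def verify(document: bytes, signature: int) -> bool:
    """Decrypt the signature with the public key (E, N), then compare it
    with a fresh condensed form of the document that was received."""
    return pow(signature, E, N) == condense(document)

if __name__ == "__main__":
    doc = b"I agree to pay 100 euro."          # constructed sample document
    sig = sign(doc)
    print("signature:", hex(sig))
    print("original verifies:", verify(doc, sig))
    print("altered verifies: ", verify(b"I agree to pay 900 euro.", sig))
```

Anyone holding only E and N can run verify, but producing a signature that passes requires D, which in turn requires knowing the two primes.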
Hope you all learned something, here are a few links to get you started if you want to learn more.
PGP FAQ
PGP is a popular form of encryption. It is public key encryption and can be used to create digital signatures.
Everything's node on the subject
Have fun.


