The goal is to prove that we (the sender) have the private key.

Procedure in detail

Sender

→ We make a message (M) and hash it using a hash function, this creates our hashed message (HM)

→ We attach the used hash function to the HM. Then we encrypt everything using our private key. This gets us the signed message (SM)

→ Then we send the original message M and the signed message SM to our receiver. (M + SM)

Receiver

→ Our receiver can then decrypt our SM using their public key. They then get the HM and our hash function.

→ They can now hash the original message M and get a second HM. Now they can compare their HMs and if they are the same, we have proved to own the private key.

Challenge-Response

This is a core part of TLS.

Often times a client wants a server to prove its identity. It then sends a message and challenges it to create a signature and send it to us.

1. We send them a message to sign
2. They add a padding using PSS (probabilistic signature scheme) and sign it using their private key
3. We decrypt it using the public key
4. If the message matches our original message they have proven themselves.

DSA (Digital Signing Algorithm)