What is a digital signature and how does it prove origin and integrity?
Short answer
A digital signature is the hash of a message transformed with the signer's private key. The verifier recomputes the hash, applies the signer's public key, and checks they match. Because only the signer holds the private key, a valid signature proves the message came from them (authenticity), wasn't altered (integrity), and that they can't credibly deny it (non-repudiation).
Interviewers ask this to confirm you understand asymmetric keys "in reverse" — encryption uses the recipient's public key, but signing uses the sender's private key. Mixing those up is a common giveaway.
How signing works
Signing a multi-megabyte file directly would be slow and awkward, so the signer first computes a cryptographic hash of the message — a short, fixed-length fingerprint. They then transform that hash with their private key to produce the signature, which travels alongside the message.
How verification works
The verifier takes the received message, computes its hash independently, and applies the signer's public key to the signature to recover the hash the signer computed. If the two hashes match, the signature is valid. This single check proves three things at once:
- Integrity — if even one bit of the message changed, the recomputed hash would differ and verification would fail.
- Authenticity — only the holder of the private key could have produced a signature that verifies against the matching public key.
- Non-repudiation — because the private key is the signer's alone, they cannot later deny having signed it.
Why not just use an HMAC?
An HMAC also proves integrity and authenticity, but it uses a shared secret key — both parties hold the same key, so either could have produced the tag. That means an HMAC cannot provide non-repudiation: in a dispute, you can't prove which party made it. A digital signature can, because the private key belongs to exactly one party.
The trust gap
A signature proves a message came from whoever holds a given private key — but not who that person is. Binding a public key to a real-world identity is the job of certificates and a PKI.
What interviewers look for
The private-key-to-sign / public-key-to-verify direction, signing a hash rather than the full message, the three guarantees, and the non-repudiation distinction from HMAC.
Likely follow-ups
- Why do we sign a hash of the message rather than the whole message?
- How is a digital signature different from an HMAC?
- What is non-repudiation and why can't symmetric MACs provide it?