|The Open–source PKI Book: A guide to PKIs and Open–source Implementations|
|Prev||Chapter 2. Introduction to Cryptography||Next|
When Alice sends a message to the bank, the bank needs to ensure that the message is really from her, and not an intruder requesting a transaction involving her account. A digital signature, created by Alice and included with the message, serves this purpose.
Digital signatures are created by encrypting a digest of the message, and other information (such as a sequence number) with the sender's private key. Though anyone may decrypt the signature using the public key, only the signer knows the private key. This ensures that only the signator signed it. Including the digest in the signature means the signature is only good for that message; it also ensures the integrity of the message since no one can change the digest and still sign it.
To guard against interception and reuse of the signature by an intruder at a later date, the signature contains an unique sequence number. This protects the bank from a fraudulent claim from Alice that she did not send the message –– only she could have signed it (non–repudiation).