Blog | G5 Cyber Security

Digital Signatures: Why They Matter

TL;DR

Digitally signing a random number (or any data) proves that the holder of the private key produced the signature and that the data hasn’t been changed since. It’s like a tamper-proof seal, essential for secure communication and transactions online.

What is Digital Signing?

Digital signing uses cryptography to create a unique ‘fingerprint’ of data. This fingerprint is called a hash. The signature itself is created using your private key (which only you should have) and the hash. Anyone can verify the signature with your public key.

Why Sign a Random Number?

You might wonder why sign something seemingly useless like a random number. The point isn’t the number itself, but demonstrating the signing process works and proving ownership of the private key. It’s a test case for more important data.

How it Works: Step-by-Step

  1. Generate a Random Number: This is your data to be signed. For example, using Python:
    import secrets
    random_number = secrets.randbelow(1000)
    print(f"Random number: {random_number}")
  2. Hash the Data: Create a unique fingerprint of the random number using a hashing algorithm (like SHA-256).
    import hashlib
    message = str(random_number).encode('utf-8') # Convert to bytes
    hash_object = hashlib.sha256(message)
    hex_dig = hash_object.hexdigest()
    print(f"Hash: {hex_dig}")
  3. Sign the Hash with Your Private Key: This is where cryptography comes in. You’ll need a key pair (private and public). Tools like OpenSSL can generate these.
    # Example using openssl (replace 'private.pem' with your actual private key file)
    openssl dgst -sha256 -sign private.pem -out signature.sig input_file.txt

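    (Where input_file.txt contains the hash from step 2. Note that openssl dgst -sha256 computes its own SHA-256 digest of the file's contents before signing, so the signature covers whatever bytes are in input_file.txt, and step 4 must be run against the same file.)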

  4. Verify the Signature with Your Public Key: Anyone can use your public key to check if the signature is valid.
    # Example using openssl (replace 'public.pem' with your actual public key file)
    openssl dgst -sha256 -verify public.pem -signature signature.sig input_file.txt
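
The four steps above as one runnable round trip, added here as an example and not taken from the original post: it generates a throwaway RSA key pair with OpenSSL, signs a 128-bit random challenge, and shows verification failing under a different public key and after the data is modified. The key names alice and other, the helper function names and the temporary file names are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: challenge-response with throwaway keys (all data constructed).
# Key names ("alice", "other") and file names are hypothetical placeholders.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT   # remove the throwaway private keys on exit

make_keys() {    # $1 = key name; writes $1_private.pem and $1_public.pem
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/$1_private.pem" 2>/dev/null
    openssl pkey -in "$WORK/$1_private.pem" -pubout -out "$WORK/$1_public.pem"
}

sign_file() {    # $1 = key name, $2 = file; writes detached signature $2.sig
    # dgst hashes the file contents with SHA-256 itself, then signs that digest
    openssl dgst -sha256 -sign "$WORK/$1_private.pem" -out "$2.sig" "$2"
}

verify_file() {  # $1 = key name, $2 = file; exit status 0 only if valid
    openssl dgst -sha256 -verify "$WORK/$1_public.pem" \
        -signature "$2.sig" "$2" >/dev/null 2>&1
}

report() {       # $1 = label, $2 = key name, $3 = file
    if verify_file "$2" "$3"; then echo "$1: valid"; else echo "$1: REJECTED"; fi
}

demo() {
    make_keys alice
    make_keys other
    # The verifier picks a fresh random challenge for the key holder to sign
    openssl rand -hex 16 > "$WORK/challenge.txt"
    sign_file alice "$WORK/challenge.txt"
    report "original challenge, alice's public key" alice "$WORK/challenge.txt"
    report "original challenge, wrong public key"   other "$WORK/challenge.txt"
    # Change the signed data after the signature was made
    echo "tampered" >> "$WORK/challenge.txt"
    report "modified challenge, alice's public key" alice "$WORK/challenge.txt"
}

demo
```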

Benefits of Digital Signatures

Real-World Uses
