Message digests and digital signatures

A message digest is a fixed size numeric representation of the contents of a message, computed by a hash function. A message digest can be encrypted, forming a digital signature.

Messages are inherently variable in size. A message digest is a fixed size numeric representation of the contents of a message. A message digest is computed by a hash function, which is a transformation that meets two criteria:

The hash function must be one way. It must not be possible to reverse the function to find the message corresponding to a particular message digest, other than by testing all possible messages.
It must be computationally infeasible to find two messages that hash to the same digest.

The message digest is sent with the message itself. The receiver can generate a digest for the message and compare it with the digest of the sender. The integrity of the message is verified when the two message digests are the same. Any tampering with the message during transmission almost certainly results in a different message digest.

A message digest created by using a secret symmetric key is known as a Message Authentication Code (MAC) because it can provide assurance that the message has not been modified.

The sender can also generate a message digest and then encrypt the digest by using the private key of an asymmetric key pair, forming a digital signature. The signature must then be decrypted by the receiver before it is compared with a locally generated digest.