The electronic signature process freezes the contents of a document so that any modification invalidates the embedded signature.
The electronic signature process consists of two operations:
- Calculate a digital hash from the full content of the document.
- Encrypt the hash with the private key. The encrypted hash is packaged with the document; the visible content of the document is not encrypted, so that it remains readable.
To validate a digitally signed document, that is, to verify that it has not been modified since it was signed, we have to do three operations:
- Recalculate the document hash.
- Decrypt the hash in the document using the public key contained in the issuer's certificate and compare the two hashes. If they match, the document has not undergone any change since it was signed and, therefore, is valid. If the two hashes are not equal, there has been a change and the signature is not valid.
- The method used to calculate the hashes (summaries) has three interesting properties: (a) the length of the hash is always fixed, regardless of the length of the document, (b) a minimal change to the contents of a document produces a very different hash, and (c) calculating a summary is not a symmetrical operation: you can easily calculate the summary of a plain text, but it is not possible to reconstruct the text from the hash.
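The sign and validate steps described above, as an added example that is not part of the original page. It assumes SHA-256 as the hash and a constructed toy RSA key with no padding, chosen only to mirror the "encrypt the hash" description; the function names and sample documents are hypothetical.

```python
import hashlib

# Constructed toy key pair: textbook RSA over two Mersenne primes, no padding.
# It mirrors the "encrypt the hash" description only; real signatures use a
# vetted library with a padding scheme and a properly generated key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                     # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent


def digest(document: bytes) -> int:
    """Hash the full content of the document; return the hash as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> int:
    """Signing: hash the document, then transform the hash with the private key."""
    return pow(digest(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Validation: recalculate the hash, recover the signed hash with the
    public key, and compare the two."""
    return pow(signature, E, N) == digest(document)


def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bit positions in which the hashes of two documents differ."""
    return bin(digest(a) ^ digest(b)).count("1")


# Constructed sample documents: the second differs by a single character.
ORIGINAL = b"Pay 100 EUR to Alice."
TAMPERED = b"Pay 900 EUR to Alice."

if __name__ == "__main__":
    sig = sign(ORIGINAL)
    print("original valid:", verify(ORIGINAL, sig))
    print("tampered valid:", verify(TAMPERED, sig))
    print("hash bits changed:", differing_bits(ORIGINAL, TAMPERED), "of 256")
```

The document itself stays readable throughout: only the hash is transformed with the key, and the check fails as soon as either the document or the signature value changes.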