Ok, so after reading the first part, you know know the difference between symmetric and asymmetric encryption. The next step is to learn about signatures. Not the insecure kind you use when signing for a package from UPS. No, digital signatures.

What is the point of a signature? It is to verify that the real you have been part of a transaction, whether that transaction is a binding contract, or just the delivery of a message. But your signature is actually the dumbest thing ever, since its extremely simple to reproduce, and for many of us, its not even the same on every document you sign. How a hand written signature can be legally binding is still beyond me.

But a digital signature works in a different way. Its based an asymmetric encryption. But to understand digital signatures, there is one concept you first need to know: Digest(Hash).

A hash, or a digest, is a mathematical function which can be applied to a message, to produce an output that is a constant length, and which will not produce the same output for any messages that are not equal. That second part is something that people are still struggling with however. But the idea is that you have a message which can be any number of characters long, and when the hash function is applied on the message you get a string of X number of characters. This image may explain it a bit better

This can come in handy when you want to check if two messages are equal. Instead of comparing the entire message, you can compute the hash for each message and compare that.

This fact can also be used to verify that you get the correct message. For example: Bob writes a book, which is 2000 pages long, and he wants to send this book to Alice. They want to make sure that the book which Alice recieves is the exact book that Bob has written, not a single letter should have been changed. So Bob calculates the hash of the book, which results in a string of 30 characters. He then calls Alice and tells her this string. Now, he could just read her the book, since they know that they're talking to each other, and nobody else. But his would be very time consuming and boring. So insted, Bob just tells Alice to write down those 30 characters. He then sends the book to her and when Alice receives it, she calculates the hash of the book that she got. If the hash that Alice gets is the same as the hash Bob told her over the phone, then Alice can be certain that she has the exact same book that Bob sent.

So now you know what a hash is. Then how is this hash related to signatures you may wonder? Just hang on, we're getting to it.

See, there are three parts involved in a digital signature: a hash, a private key and a public key. So say Bob has written a message, which he needs to assure Alice that he is the author of. To do this, he signs the message. In practice this is quite simple.

When signing a message, you calculate the hash of the message. This hash is then encrypted using your private key (which you, and only you, are in possesion of, remember?). You then append the result (the encrypted hash) to the message. When the recipient receives the message, they need to verify the signature.

To verify a signature you first calculate the hash of the message. The next step is to decrypt the signature using the signers public key. Finally you compare the hash that you calculated with the one in the signature. If these are the same, then the message has not been changed. If they are not the same the message has been changed.

This image shows the process of sending a signed message and verifying it.