Ok, so after reading the first part, you know know the difference between symmetric and asymmetric encryption. The next step is to learn about signatures. Not the insecure kind you use when signing for a package from UPS. No, digital signatures.

What is the point of a signature? It is to verify that the real you have been part of a transaction, whether that transaction is a binding contract, or just the delivery of a message. But your signature is actually the dumbest thing ever, since its extremely simple to reproduce, and for many of us, its not even the same on every document you sign. How a hand written signature can be legally binding is still beyond me.

But a digital signature works in a different way. Its based an asymmetric encryption. But to understand digital signatures, there is one concept you first need to know: Digest(Hash).

A hash, or a digest, is a mathematical function which can be applied to a message, to produce an output that is a constant length, and which will not produce the same output for any messages that are not equal. That second part is something that people are still struggling with however. But the idea is that you have a message which can be any number of characters long, and when the hash function is applied on the message you get a string of X number of characters. This image may explain it a bit better

This can come in handy when you want to check if two messages are equal. Instead of comparing the entire message, you can compute the hash for each message and compare that.

This fact can also be used to verify that you get the correct message. For example: Bob writes a book, which is 2000 pages long, and he wants to send this book to Alice. They want to make sure that the book which Alice recieves is the exact book that Bob has written, not a single letter should have been changed. So Bob calculates the hash of the book, which results in a string of 30 characters. He then calls Alice and tells her this string. Now, he could just read her the book, since they know that they're talking to each other, and nobody else. But his would be very time consuming and boring. So insted, Bob just tells Alice to write down those 30 characters. He then sends the book to her and when Alice receives it, she calculates the hash of the book that she got. If the hash that Alice gets is the same as the hash Bob told her over the phone, then Alice can be certain that she has the exact same book that Bob sent.

So now you know what a hash is. Then how is this hash related to signatures you may wonder? Just hang on, we're getting to it.

See, there are three parts involved in a digital signature: a hash, a private key and a public key. So say Bob has written a message, which he needs to assure Alice that he is the author of. To do this, he signs the message. In practice this is quite simple.

When signing a message, you calculate the hash of the message. This hash is then encrypted using your private key (which you, and only you, are in possesion of, remember?). You then append the result (the encrypted hash) to the message. When the recipient receives the message, they need to verify the signature.

To verify a signature you first calculate the hash of the message. The next step is to decrypt the signature using the signers public key. Finally you compare the hash that you calculated with the one in the signature. If these are the same, then the message has not been changed. If they are not the same the message has been changed.

This image shows the process of sending a signed message and verifying it.

Lets just start from the absolute basics, and then work our way up to the actual tools for working with this stuff.

What is cryptography? Well, it's quite simple actually. Cryptography is the practice of securing a message, so that only the intended recipiant of the message can read it. An example would be that you write a letter describing the location of all your hidden gold which you need to send to your family. If you don't encrypt the letter, then the mailman could read it before delivering it, and then go and steal your precious gold.

What you need to know is that there are two types of encryption: symmetric and asymmetric. You don't need to understand how these types actually encrypt stuff, and neither do you need to understand why they're named as they are. But you do need to understand the difference between them.

Imagine a box with a lock. You need the key that fits the lock to actually unlock the box, but you also need the key to lock the box. And finally there is only one key that fits the lock. If we go back to the letter about the gold. One type of physical encryption would be to place the letter inside the box, and then mail the box. This way the mailman would not be able to read the letter.

This does however present another problem. How would your family unlock it, since you have the key? One way would be to meet them face to face and hand them a copy of the key. Then you know that there are only two keys, one for you to lock the box, and one for your family to unlock the box. But if you cannot meet face to face, then exchanging the key becomes more difficult. You could send it in the mail, but then the mailman could just make a copy of it before delivering it.

In this analogy the lockbox key represents the cryptographic key.

Now imagine a different kind of lockbox. This has no built-in lock, but instead the ability to lock it with a padlock.

In this scenario, the first step is for your family to send an unlocked padlock to you, while they keep the key. Since the padlock by itself has no information which could be used to unlock it, it's safe to send it via the evil mailman. Once you get the padlock, you use it to lock the box containing the letter. The box is then sent to your family, at which point they can use the key to unlock it. This way there is only one key, and it never leaves the safety of your family home.

And in this analogy the key represents the private key, and the padlock is the public key. These two terms are going to be used heavily throughout the series. 

Although there is one caveat to the above analogy. Where as a the padlock can be unlocked by anyone and only unlocked by the one posessing the key, both the private and public can be used to encrypt and decrypt. The public key can decrypt anything that has been encrypted by the private key, and vice verse.