In the context of cryptocurrencies, a digital signature certificate system often consists of three basic steps: hashing, signing, and verifying.
Hashing the data
The first step is to hash the message or digital data. The Digital data is done by submitting the data through an algorithm so that a hash value is generated (i.e., the message digest). As mentioned, the messages can vary significantly in size. But when they are hashed, all their hash values have the same length. This is the most basic property of a hash function.
However, hashing the data is not a must for producing a digital signature Certificate because one can use a private key to sign a message that wasn’t hashed at all. But for cryptocurrencies, the data is always hashed because dealing with fixed-length digests facilitates the whole process.
After the information is hashed, the sender of the message needs to sign it. This is the moment where public-key cryptography comes into play. There are several types of digital signature certificate algorithms, each with its own particular mechanism. But essentially, the hashed message will be signed with a private key, and the receiver of the message can then check its validity by using the corresponding public key (provided by the signer).
Put in another way, if the private key is not included when the signature is generated, the receiver of the message won’t be able to use the corresponding public key to verify its validity. Both public and private keys are generated by the sender of the message, but only the public key is shared with the receiver.
It’s worth noting that digital signature certificates are directly related to the content of each message. So unlike handwritten signatures, which tend to be the same regardless of the message. Each digitally signed message will have a different digital signature certificate.
Let’s take an example to illustrate the whole process until the final step of verification. Imagine that Alice writes a message to Bob, hashes it. Then combines the hash value with her private key to generate a digital signature. The signature will work as a unique digital fingerprint of that particular message.
When Bob receives the message. He can check the validity of the digital signature certificate by using the public key provided by Alice. This way, Bob can be sure that the signature was created by Alice because only she has the private key that corresponds to that public key (at least that’s what we expect).
So, it’s crucial for Alice to keep her private key secret. If another person gets their hands on Alice’s private key, they can create digital signatures and pretend to be Alice. In the context of Bitcoin. This means someone could use Alice’s private key to move or spend her Bitcoins without her permission.