Quiz Entry - updated: 2026.07.14
How does a digital signature with public-key crypto work, and which algorithms are common?
The signer uses their private key to compute a signature over the message; the verifier uses the signer's public key to check it. The key roles are inverted compared to encryption.
| Operation | Key used | Who knows it |
|---|---|---|
| Encryption | Recipient's public key | Everyone |
| Decryption | Recipient's private key | Only recipient |
| Signing | Signer's private key | Only signer |
| Verifying | Signer's public key | Everyone |
Concrete operation pair:
signature = SIGN(sk_Alice, message)
OK_or_NOK = VERIFY(pk_Alice, message, signature)
Common signature algorithms:
| Name | Underlying hard problem | Typical use |
|---|---|---|
| RSA-PSS / RSA-PKCS1v1.5 | Integer factorisation | TLS certificates, code signing |
| DSA | Discrete logarithm (Z*_p) | Older systems, FIPS |
| ECDSA | EC discrete logarithm | TLS, Bitcoin |
| EdDSA (Ed25519) | EC discrete log on Edwards curves | SSH, modern messaging (best modern default) |
| ElGamal Signature | Discrete log | Theoretical / GPG variants |
Different from encryption: with signatures the same algorithm family (RSA, DH, EC) often supports both, but with different padding/parameter choices.
Tip: Ed25519 is the current modern default — fast, no parameter choices to get wrong, no side-channel risk in standard implementations. SSH and Signal both default to it. Use it unless legacy compatibility forces RSA.