<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License 
"Eclipse Public License v1.0" which accompanies this distribution, 
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
    Nokia Corporation - initial contribution.
Contributors: 
-->
<!DOCTYPE concept
  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept xml:lang="en" id="GUID-5C58F7D1-D672-5B6D-AD48-863EC68F7446"><title>Digital signatures</title><prolog><metadata><keywords/></metadata></prolog><conbody><p>A digital signature is used to verify that a message (or data) actually came from the sender (the one who signed the message) and that it has not been tampered with.</p> <p> A signature is formed by producing a fixed-length digest (hash) of the message using a hash algorithm, which is then encrypted using the sender's private key. This signature and the message are then sent to the recipient.</p> <p>The receiver can then verify the signature as follows: a hash is produced of the sender's message (using the hashing algorithm sent with the signature); also, using the sender's public key, their signature is decrypted into a hash. These two hashes are compared: if they are the same, it is more or less certain that the public key used for the decryption corresponds to the private key used to create the signature, thus data integrity is validated.</p> </conbody></concept>