CoderJony

When should we use Signing or Digital Signatures?

In signing, a Digital Signature is shared with the recipient. The recipient uses this signature to verify the authenticity of the issuer.

👉 Digital Signature is nothing, just a string encrypted with a secure private key.

What is Digital Signing

By definition, in signing, the issuer encrypts information with the private key and shares it with the recipient. The recipient on other hand uses the public key to decrypt the information. If decryption is successful, then the Receiver trusts the issuer, and if decryption fails, that means the message has been malformed by some attacker or untrusted party.

Real World example

You can co-relate this digital signature with a human hand signature. For example, when you issue a cheque to someone to withdraw some money from the bank, then an employee at Bank will verify your signature to make sure that you are a genuine issuer of the cheque. If someone tries to fake your signature then he will be caught by the Bank.

💁Though bank employees sometimes may fail to identify the fake signatures. But, here we are focusing on understanding the concept.

How to identify the need for Digital Signing?

Whenever we feel that our users should have some mechanism to ensure that they are accessing information from genuine resources, we can consider that a use case where we can use signing to improve security.

Use cases of Digital Signing

  • JWT Token - Third parties such as Google, Facebook, Microsoft, or any other Identity Provider include the signature in JWT. That signature is encrypted with their private key. And once you decrypt it with their public key and decryption is successful, then you can be sure that the signature was issued by the authenticated party.

  • Webhook - Webhook providers may include a signature in each webhook event that they send to your application endpoint. You can verify the signature in each webhook message. This allows you to verify that the events were sent by original providers.

  • SSL Certificate - The SSL certificate is a perfect example. We submit CSR (Certificate Signing Request) to Certificate Authority such as DigiCert, ZeroSSL, etc. They use their secure private key to sign our CSR. This signed CSR (SSL Certificate) is then sent to the browser. Browser use distributed public keys by those Certificate Authorities to verify the certificate's authenticity.

Thank you!

Buy Me A Coffee
profile-sample1
profile-image

Ankush JainSoftware Engineer

Recent Posts

When should we use Signing or Digital Signatures?
Running .NET 8 Lambda Functions on AWS using Custom Runtime & Lambda Internals for .NET Developers
By Ankush Jain Nov, 2023
When should we use Signing or Digital Signatures?
Building Serverless .NET APIs using AWS Lambda, Amazon API Gateway, and Amazon Cognito | Authentication and Authorization
By Ankush Jain Nov, 2023
When should we use Signing or Digital Signatures?
Authenticating users in ASP.NET Core MVC using Amazon Cognito
By Ankush Jain Mar, 2023
When should we use Signing or Digital Signatures?
Structured Logging in .NET Core Worker Service with Serilog - Write logs to Amazon CloudWatch
By Ankush Jain Mar, 2023
When should we use Signing or Digital Signatures?
Installing MySQL on Amazon Linux 2 EC2 Instance and configure it for remote connections
By Ankush Jain Jan, 2023
When should we use Signing or Digital Signatures?
Building a Serverless ASP.NET Core Web API with AWS Lambda using Function URLs
By Ankush Jain Oct, 2022
When should we use Signing or Digital Signatures?
Structured Logging with NLog in AWS Lambda using .NET Core
By Ankush Jain Sep, 2022
When should we use Signing or Digital Signatures?
Hosting an ASP.NET Core Application on Amazon Linux 2 EC2 instance
By Ankush Jain Aug, 2022
When should we use Signing or Digital Signatures?
Getting Started with AWS CDK using .NET
By Ankush Jain Jul, 2022
When should we use Signing or Digital Signatures?
Choosing the perfect memory for your AWS Lambda functions
By Ankush Jain Jul, 2022