How to Verify Digital Signature Using Public Key

By Safeheron Team

To verify a digital signature using a public key, you typically follow these steps:

1. Gather the necessary components

  • Public key: This is the counterpart to the private key used for signing. The public key is openly shared and is used to verify that the signature was indeed created by the holder of the corresponding private key.
  • Digital signature: This is the output of the signing process. It is a cryptographic value derived from the data and the private key.
  • Original data (or message): This is the data that was signed. The verification process involves ensuring that the signature corresponds to this particular data.

2. Hash the original data

  • The same hash function that was used during the signing process must be applied to the original data. For example, if the SHA-256 hash function was used to create the signature, you should use SHA-256 again here.
  • The purpose of hashing is to create a fixed-size representation of the original data. This hash value is then used in the verification process. Let’s say the original data is a document. When you apply the hash function to it, you get a unique hash value (e.g., "abc123def456…").

3. Use the public key to decrypt the digital signature

  • The digital signature is essentially an encrypted version of the hash of the original data (or some other form of data depending on the specific digital signature algorithm used). The public key is used to decrypt this signature.
  • For example, in the RSA digital signature scheme, the signature is decrypted using the RSA decryption algorithm with the public key. The result of this decryption should be the hash value of the original data that was used during the signing process.

4. Compare the decrypted hash with the newly computed hash

  • After decrypting the digital signature using the public key, you will get a hash value. This is the hash value that was encrypted during the signing process.
  • Compare this decrypted hash value with the hash value that you computed from the original data in step 2. If the two hash values match exactly, then the digital signature is verified to be valid.
  • For example, if the decrypted hash is "abc123def456…" and the newly computed hash from the original data is also "abc123def456…", then the signature is verified. This means that the data has not been tampered with and that it was signed by the holder of the corresponding private key.

5. Consider the implications of a mismatch

  • If the decrypted hash does not match the newly computed hash, the digital signature is invalid. This could indicate that the data has been altered since it was signed, or that the signature was not created with the corresponding private key. In such a case, you should not trust the data or the authenticity of the source.

It’s important to note that the specific steps and functions used may vary slightly depending on the digital signature algorithm (such as RSA, DSA, ECDSA, etc.). But the general principle of verifying the signature by using the public key to decrypt it and comparing it with the hash of the original data remains the same.
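
Steps 2 through 4 for RSA with PKCS#1 v1.5 padding and SHA-256, the scheme where "decrypt and compare" applies literally (DSA and ECDSA check a different equation rather than decrypting); this is an added example using only the Python standard library, not Safeheron's code. The key is a constructed throwaway built from two Mersenne primes, and the names `verify`, `expected_em`, `sign_for_demo` and `MESSAGE` are assumptions for the illustration.

```python
import hashlib

# DER DigestInfo prefix that marks the hash as SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def expected_em(data: bytes, k: int) -> bytes:
    """Step 2: hash the data and build the k-byte PKCS#1 v1.5 encoded block."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for a SHA-256 signature")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify(n: int, e: int, data: bytes, signature: bytes) -> bool:
    """Return True only if signature is valid for data under public key (n, e)."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    # Step 3: apply the RSA public-key operation to the signature.
    recovered = pow(s, e, n).to_bytes(k, "big")
    # Step 4: compare the whole block, padding included, against a freshly
    # built one instead of parsing the recovered bytes for a trailing hash.
    return recovered == expected_em(data, k)

# Constructed demo key: Mersenne primes are trivially factorable, so this
# key is for illustration only and must never protect real data.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def sign_for_demo(data: bytes) -> bytes:
    """Signer's side, included only to produce a sample signature."""
    k = (N.bit_length() + 7) // 8
    m = int.from_bytes(expected_em(data, k), "big")
    return pow(m, D, N).to_bytes(k, "big")

MESSAGE = b"transfer 10 units to account 42"  # constructed sample data
SIGNATURE = sign_for_demo(MESSAGE)

if __name__ == "__main__":
    print("original data:", verify(N, E, MESSAGE, SIGNATURE))
    print("altered data: ", verify(N, E, MESSAGE + b"0", SIGNATURE))
```

Production code should call a maintained cryptographic library's verify function rather than implementing the arithmetic directly.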
