What is a digital signature?

Part 1
There are different types of digital
signatures; this tip focuses on digital
signatures for email messages. You may have
received emails that have a block of letters
and numbers at the bottom of the message.
Although it may look like useless text or
some kind of error, this information is
actually a digital signature. To generate a
signature, a mathematical algorithm is used
to combine the information in a key with the
information in the message. The result is a
random-looking string of letters and
numbers.
Why would you use one?
Because it is so easy for attackers and
viruses to "spoof" email addresses , it is
sometimes difficult to identify legitimate
messages. Authenticity may be especially
important for business correspondence—if
you are relying on someone to provide or
verify information, you want to be sure that
the information is coming from the correct
source. A signed message also indicates that
changes have not been made to the content
since it was sent; any changes would cause
the signature to break.
How does it work?
Before you can understand how a digital
signature works, there are some terms you
should know:
Keys - Keys are used to create digital
signatures. For every signature, there is a
public key and a private key.
Private key - The private key is the portion of
the key you use to actually sign an email
message. The private key is protected by a
password, and you should never give your
private key to anyone.
Public key - The public key is the portion of
the key that is available to other people.
Whether you upload it to a public key ring
or send it to someone, this is the key other
people can use to check your signature. A
list of other people who have signed your
key is also included with your public key.
You will only be able to see their identities if
you already have their public keys on your
key ring.
Key ring - A key ring contains public keys.
You have a key ring that contains the keys of
people who have sent you their keys or
whose keys you have gotten from a public
key server. A public key server contains keys
of people who have chosen to upload their
keys.
What is a digital signature? Part 2

Fingerprint - When confirming a key, you will
actually be confirming the unique series of
letters and numbers that comprise the
fingerprint of the key. The fingerprint is a
different series of letters and numbers than
the chunk of information that appears at the
bottom of a signed email message.
Key certificates - When you select a key on a
key ring, you will usually see the key
certificate, which contains information about
the key, such as the key owner, the date the
key was created, and the date the key will
expire.
"Web of trust" - When someone signs your
key, they are confirming that the key
actually belongs to you. The more signatures
you collect, the stronger your key becomes.
If someone sees that your key has been
signed by other people that he or she trusts,
he or she is more inclined to trust your key.
Note: Just because someone else has trusted
a key or you find it on a public key ring does
not mean you should automatically trust it.
You should always verify the fingerprint
yourself.
The process for creating, obtaining, and
using keys is fairly straightforward:
Generate a key using software such as PGP,
which stands for Pretty Good Privacy, or
GnuPG, which stands for GNU Privacy Guard.
Increase the authenticity of your key by
having your key signed by co-workers or
other associates who also have keys. In the
process of signing your key, they will
confirm that the fingerprint on the key you
sent them belongs to you. By doing this, they
verify your identity and indicate trust in your
key.
Upload your signed key to a public key ring
so that if someone gets a message with your
signature, they can verify the digital
signature.
Digitally sign your outgoing email messages.
Most email clients have a feature to easily
add your digital signature to your message.