How Does Digital Signing Operate?
Once these key pairs are in the hands of all those participating in a transaction, digital signatures on messages passed among the parties protect the contents and also provide sender authentication and message integrity checks.
Using a standard message digest creation algorithm (MD5, SHA-1, etc.), a sender creates a unique 'fingerprint' of a message and then encrypts the result using the sender's private key. Message digest computations provide a 160-bit (20-byte) value that's guaranteed unique for a given message. If even a single bit is changed within the message, roughly half the bits in the digest will also change, preventing someone from believing that the message arrived unaltered.
When you attach the encrypted message digest (digital signature) to the original message and further encrypt it using the receiver's public key (from their digital certificate), you create what's called a digital envelope, adding the three elements -- sender authentication, message integrity, and confidentiality (privacy) -- to complete the security picture that's required for effective electronic commerce.