Three Elements For Total Security
In practice, a signed message is never sent on its own. Typically, the last step that the sender's software performs is to use the recipient's public key (from their digital certificate) to encrypt the signed message, creating what's called a digital envelope. Upon receipt, the receiver uses their private key to 'open' the digital envelope and reveal the signed message.
- Privacy (confidentiality) is assured because only the recipient's private key will open the digital envelope.
- Authentication is assured because if the public key (from the sender's digital certificate) successfully decrypts the digital signature, then only the sender's private key could have encrypted it.
- Message integrity is assured because the digest value decrypted from the signature is exactly the same as the digest value the receiver has just computed over the received message.
If either the message digest values don't match or a decryption step fails, the message should be considered suspect and discarded, and the sender should be notified to try the transmission again.
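The sign, seal, open and verify sequence described above, as an added example that is not part of the original article, using Node's built-in crypto module. Assumptions: the key pairs are generated on the spot in place of keys taken from digital certificates, the function names are hypothetical, and the envelope is a hybrid one (a one-time AES key encrypts the signed message and the recipient's public key encrypts that AES key), since RSA alone cannot encrypt a message of arbitrary length.

```javascript
const crypto = require("node:crypto");

// Constructed key pairs standing in for the keys behind each party's certificate.
const newKeys = () => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const sender = newKeys();
const recipient = newKeys();
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Sender side: sign the message, then seal message + signature for the recipient.
function sealEnvelope(message, senderPrivateKey, recipientPublicKey) {
  const body = Buffer.from(message, "utf8");
  const signature = crypto.sign("sha256", body, senderPrivateKey);
  const signed = Buffer.from(JSON.stringify({
    body: body.toString("base64"),
    signature: signature.toString("base64"),
  }));
  // Hybrid envelope (assumption): a one-time AES-256-GCM key encrypts the signed
  // message, and only that key is encrypted with the recipient's public key.
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ciphertext = Buffer.concat([cipher.update(signed), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, key);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Receiver side: open the envelope with the private key, then check the signature
// with the sender's public key. Any failed step returns null (discard the message).
function openEnvelope(env, recipientPrivateKey, senderPublicKey) {
  try {
    const key = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, env.wrappedKey);
    const decipher = crypto.createDecipheriv("aes-256-gcm", key, env.iv);
    decipher.setAuthTag(env.tag);
    const plain = Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
    const signed = JSON.parse(plain.toString("utf8"));
    const body = Buffer.from(signed.body, "base64");
    const signature = Buffer.from(signed.signature, "base64");
    // verify() recomputes the digest of body and compares it with the signed one.
    return crypto.verify("sha256", body, senderPublicKey, signature) ? body.toString("utf8") : null;
  } catch (err) {
    return null; // wrong private key, tampered ciphertext, or malformed payload
  }
}

const envelope = sealEnvelope("Order #1001: 3 units", sender.privateKey, recipient.publicKey);
console.log(openEnvelope(envelope, recipient.privateKey, sender.publicKey));
```

A `null` result corresponds to the discard case in the paragraph above: the caller drops the message and asks the sender to retransmit.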
For further information about digital signatures, public key cryptography,
and related topics, please refer to Electronic Keys For A Digital Tomorrow here at E-commerce Watch.