When you use an application to digitally sign a message, you are basically attaching the public
part of your Digital ID to the message along with other information that ensures the integrity of
your e-mail message.
Before the e-mail message and Digital ID are sent, the message goes through an encoding process,
called a hash algorithm, whereby the message you are sending is used to mathematically
generate a set of characters (letters and numbers) that could only be created by your exact message.
This set of characters is called a message digest.
It is important to know that the hash algorithm runs quickly in one direction but is very difficult
to reverse. That is, your e-mail application can take your e-mail message, run it through the hash
algorithm, and quickly create a unique message digest. However, given just the message digest, it
would take years to decipher the e-mail message.
Once the e-mail application creates the message digest, it uses your private key to encrypt the
message digest. This is critical. If you were to send the e-mail and an unencrypted message digest,
someone could easily change your message text, recreate the message digest for the altered text, and
then send that along as if it came from you.
Your e-mail application sends the e-mail with the Digital ID and encrypted message digest as
attachments. Note that none of the e-mail message text is sent encrypted. So if someone wanted
to, they could still read the contents of your message.
When someone receives your e-mail message, their application uses your Digital ID (the public
key) to decrypt the message digest. Then the application runs your e-mail text through the same
hash algorithm that your application used. It then compares the results (the message digests). If
the message digest that it created matches the one attached to your e-mail, then the message text
was not tampered with during the transfer from your computer to theirs.
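The whole procedure described above, from hashing through signing to the recipient's comparison, as an added example that is not part of the original text and does not come from any particular e-mail product. It assumes RSA keys with the PKCS#1 v1.5 signature scheme and SHA-256 as the hash algorithm, uses only the Go standard library, and the message body is constructed for the example. It also shows why the digest must be encrypted with the private key: the digestOnlyCheck function models an unsigned digest, which an attacker who alters the body can simply recompute.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// signedMail is what the sending application hands to the transport:
// the plaintext body (not encrypted), the sender's Digital ID (public key)
// and the signature, i.e. the message digest encrypted with the private key.
type signedMail struct {
	Body      []byte
	PublicKey *rsa.PublicKey
	Signature []byte
}

// newSenderKey creates the sender's key pair. In a real deployment this
// comes from the Digital ID store; here it is generated for the example.
func newSenderKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// digest is the one-way hash step: the same body always yields the same
// 32-byte SHA-256 value, and the body cannot be recovered from it.
func digest(body []byte) []byte {
	sum := sha256.Sum256(body)
	return sum[:]
}

// sign hashes the body and encrypts the digest with the private key
// (RSA PKCS#1 v1.5 signature scheme). Only the key holder can do this.
func sign(priv *rsa.PrivateKey, body []byte) (signedMail, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest(body))
	if err != nil {
		return signedMail{}, err
	}
	return signedMail{Body: body, PublicKey: &priv.PublicKey, Signature: sig}, nil
}

// verify is the receiving side: recompute the digest over the body as
// received and compare it with the digest recovered from the signature
// using the attached public key. Any change to the body, or a signature
// made with a different key, makes this return false.
func verify(m signedMail) bool {
	return rsa.VerifyPKCS1v15(m.PublicKey, crypto.SHA256, digest(m.Body), m.Signature) == nil
}

// digestOnlyCheck models the weak design the text warns about: the digest
// is attached without being signed. Whoever alters the body can simply
// recompute the digest, so this check passes for the tampered message too.
func digestOnlyCheck(body, attachedDigest []byte) bool {
	return bytes.Equal(digest(body), attachedDigest)
}

func main() {
	priv, err := newSenderKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample message body.
	body := []byte("Please release the shipment on Friday.")
	mail, err := sign(priv, body)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine message verifies:", verify(mail))

	// The body is altered in transit. With a signed digest the check fails;
	// with a bare, recomputed digest it would still pass.
	tampered := mail
	tampered.Body = []byte("Please release the shipment on Monday.")
	fmt.Println("tampered message verifies:", verify(tampered))
	fmt.Println("tampered body passes digest-only check:",
		digestOnlyCheck(tampered.Body, digest(tampered.Body)))
}
```

Running the program prints true for the genuine message, false for the tampered one, and true for the digest-only check, which is exactly the gap the signature closes. Note that verify also fails when the signature was produced with some other private key but presented alongside the sender's Digital ID, so the recipient learns both that the text is unchanged and that it was signed by the holder of that key.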
For more information, see the section on public and private keys.