What is a Digital Signature?
A digital signature is a cryptographic scheme that uses a private key to generate a signature over a message or document, which anyone with the corresponding public key can verify to confirm the data's authenticity and integrity.
Also known as: code signing, message signing
Digital signatures provide three guarantees: authentication (the message was created by the claimed sender), integrity (the message has not been altered since signing), and non-repudiation (the signer cannot deny having signed it). These properties make digital signatures legally binding in many jurisdictions and essential for software distribution, financial transactions, and identity verification.
The signing process works by first hashing the message with a cryptographic hash function (such as SHA-256) to produce a fixed-size digest, then transforming that digest with the signer's private key to produce the signature (the textbook RSA description calls this step "encrypting" the digest; ECDSA and EdDSA use different mathematics but the same hash-then-sign structure). Verification reverses the process: the verifier checks the signature against the signer's public key (for RSA, by recovering the digest from the signature), independently hashes the message, and compares the two digests. If they match, the signature is valid. Common algorithms include RSA signatures, ECDSA (Elliptic Curve Digital Signature Algorithm), and EdDSA.
Digital signatures are distinct from HMAC, though both verify integrity. HMAC uses a shared secret key — both parties can generate and verify the code, so it cannot provide non-repudiation. Digital signatures use asymmetric keys, meaning only the private key holder can sign, while anyone with the public key can verify. This asymmetry is what enables non-repudiation and makes digital signatures suitable for public verification scenarios.
How Vaulted uses Digital Signature
Vaulted does not use digital signatures in its core encryption flow because the sharing model is symmetric — the sender and recipient share the same key via the URL fragment, and there is no need for non-repudiation or public verification. However, the TLS certificates securing Vaulted's HTTPS connections rely on digital signatures to prove the server's identity to your browser, and the integrity of Vaulted's deployed code is verified through code signing in its CI/CD pipeline.