Signing data
To prove that some data has come from someone we trust, it can be signed. You do not sign the data itself; instead, you sign a hash of the data, because every signature algorithm hashes the data first as an implementation step. The signing APIs also let you skip that step and pass in data that you have already hashed.
We will be using the SHA256 algorithm for generating the hash, combined with the RSA algorithm for signing the hash.
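As an added example (not code from the original text), the following Go program performs exactly the two steps just described: hash the message with SHA-256, then sign that digest with RSA, and verify it with the public key. The message and key pair are constructed for the demo; the function names are my own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// signSHA256RSA hashes data with SHA-256 and signs only the digest (PKCS#1 v1.5).
// crypto.SHA256 is passed so the signature records which hash produced the digest.
func signSHA256RSA(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	digest := sha256.Sum256(data) // the data is never signed directly, only its hash
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verifySHA256RSA recomputes the digest and checks it against the signature.
func verifySHA256RSA(pub *rsa.PublicKey, data, sig []byte) bool {
	digest := sha256.Sum256(data)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// demo signs a constructed message and reports: does the genuine message verify,
// is a tampered copy rejected, and how long is the signature in bytes.
func demo() (genuineOK, tamperedRejected bool, sigLen int, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed demo key
	if err != nil {
		return false, false, 0, err
	}
	msg := []byte("constructed sample: transfer 100 to account 42")
	sig, err := signSHA256RSA(priv, msg)
	if err != nil {
		return false, false, 0, err
	}
	genuineOK = verifySHA256RSA(&priv.PublicKey, msg, sig)
	// One changed digit changes the SHA-256 digest, so the old signature no longer matches.
	tampered := []byte("constructed sample: transfer 900 to account 42")
	tamperedRejected = !verifySHA256RSA(&priv.PublicKey, tampered, sig)
	return genuineOK, tamperedRejected, len(sig), nil
}

func main() {
	ok, rej, n, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine verifies: %v, tampered rejected: %v, signature bytes: %d\n", ok, rej, n)
}
```

The signature is always 256 bytes for a 2048-bit RSA key, regardless of how long the message is, because only the fixed-size digest is signed.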
We could use DSA in place of RSA for the signing step. DSA generates a signature faster than RSA, but it validates a signature more slowly. Since a signature is generated once but validated many times, faster validation matters more than faster generation.
Good Practice: DSA is rarely used today. The improved equivalent is Elliptic Curve DSA (ECDSA). Although ECDSA is slower than RSA, it generates a shorter signature with the same level of security.
Signing with SHA256 and RSA
Let’s explore signing data...