Like digital certificates, a digital signature is created with asymmetric (public-key) cryptography. In the same way that signing your name to a document legally binds the document to you, a digital signature proves that a document belongs to a user. In addition, a digital signature provides other benefits beyond simply proving that a particular person sent a message.
A digital signature is able to prove that a message has not been changed, which means that it ensures the integrity of a message. It also provides non-repudiation, meaning it’s able to prevent a sender from claiming they did not send the message.
For example, if you want to send a digitally signed message to your bank, you would first create a hash of the message using a hashing algorithm like Message Digest 5 (MD5) or Secure Hash Algorithm (SHA). This hashed message is called a message digest. You would then encrypt the digest using your private key, and this encrypted hash would be the digital signature of your message.
Both the message and the digital signature are sent to your bank.
In order for the bank to make sure that your message is authentic, they would retrieve your public key and decrypt your digital signature, which reveals the hash. The bank would then hash your message and compare it to the newly uncovered hash.
If the hashes do not match, then the message was not sent by you or was changed in transit.
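The sign-and-verify exchange described above, as an added example that is not part of the original page. It assumes textbook RSA without padding, SHA-256 as the SHA variant, and constructed toy keys built from well-known Mersenne primes; all function and key names are made up for the illustration, and real signature schemes add padding such as RSASSA-PSS.

```python
import hashlib

E = 65537  # public exponent

def make_keypair(p: int, q: int):
    """Return (public, private) textbook-RSA keys as (n, e) and (n, d)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

# Constructed toy keys (assumption): Mersenne primes make the modulus
# trivially factorable, so these are for illustration only.
SENDER_PUB, SENDER_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
_, OTHER_PRIV = make_keypair(2**107 - 1, 2**607 - 1)

def digest(message: bytes) -> int:
    """Hash the message and return the message digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Sender: 'encrypt' the digest with the private key."""
    n, d = private_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver: recover the digest with the sender's public key and
    compare it with a fresh hash of the message that arrived."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)

def demo() -> dict:
    msg = b"Pay 100 to account 12345"  # constructed sample message
    sig = sign(msg, SENDER_PRIV)
    return {
        # Unchanged message, correct key: hashes match.
        "genuine": verify(msg, sig, SENDER_PUB),
        # Message changed in transit: hashes differ.
        "altered": verify(b"Pay 900 to account 12345", sig, SENDER_PUB),
        # Signed with someone else's private key: hashes differ.
        "forged": verify(msg, sign(msg, OTHER_PRIV), SENDER_PUB),
    }

if __name__ == "__main__":
    print(demo())
```

Note that the message itself travels in the clear here; the signature only lets the receiver check who signed it and that it was not altered.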
Keep in mind that the original message that you sent to the bank with the digital signature could still be read by others. In order to encrypt the message, you would need to retrieve the bank’s public key from their certificate authority (CA) and encrypt your message with it. After that, the bank will be able to decrypt your message with their private key.