The hash of the message or data to be signed is calculated, and then it is encrypted using the sender's private key. The encrypted hash can then either be attached to the message or data and transmitted with it, or it can be sent separately.
To authenticate the received message or data, the sender's public key is used to extract the encrypted hash from the signature. The hash of the received data or message is calculated and compared to the extracted hash; if they are equal, the message is authenticated.
@debian:~$ gpg --generate-key
# Generate a private and a public key by using GnuPG.
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keybox '/home/difyel/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: difyel
Email address: firstname.lastname@example.org
You selected this USER-ID:
    "difyel <email@example.com>"
# GnuPG creates the user ID of the holder of the key,
# as such it asks certain questions.
# It will also ask for a passphrase to protect the
# generated private key. The passphrase is used to
# encrypt and decrypt the private key.

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/difyel/.gnupg/trustdb.gpg: trustdb created
gpg: key FD03F9275A65B11A marked as ultimately trusted
gpg: directory '/home/difyel/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/difyel/.gnupg/openpgp-revocs.d/468547ECCE69424D64983453FD03F9275A65B11A.rev'
public and secret key created and signed.

pub   rsa3072 2020-02-04 [SC] [expires: 2022-02-03]
      468547ECCE69424D64983453FD03F9275A65B11A
uid                      difyel <firstname.lastname@example.org>
sub   rsa3072 2020-02-04 [E] [expires: 2022-02-03]
# The 40-character hexadecimal string shown under "pub" is the
# fingerprint of the created public key.

@debian:~$ gpg --list-secret-keys
# List the stored secret keys.
/home/difyel/.gnupg/pubring.kbx
--------------------------------
sec   rsa3072 2020-02-04 [SC] [expires: 2022-02-03]
      468547ECCE69424D64983453FD03F9275A65B11A
uid           [ultimate] difyel <email@example.com>
ssb   rsa3072 2020-02-04 [E] [expires: 2022-02-03]

@debian:~$ echo "This is a message" >> message
# Create a message to sign.

@debian:~$ gpg --default-key "468547ECCE69424D64983453FD03F9275A65B11A" --sign message
# The --sign option is used to sign a message or data.
# This will create a file named message.gpg.
# The --default-key option is used to specify the
# private key to sign with.
# The message is signed using the private key
# with the fingerprint
# 468547ECCE69424D64983453FD03F9275A65B11A
# gpg will ask for its passphrase.
# If the --default-key option is not used, then
# the key used for signing is the first private
# key found in the stored keys.
gpg: using "468547ECCE69424D64983453FD03F9275A65B11A" as default secret key for signing

@debian:~$ gpg --verify message.gpg
# The --verify option can be used to verify
# the signature of a digitally signed message.
# GPG will automatically locate the public key
# used to verify the message.
gpg: Signature made Tue 04 Feb 2020 05:48:01 AM EST
gpg:                using RSA key 468547ECCE69424D64983453FD03F9275A65B11A
gpg: Good signature from "difyel <firstname.lastname@example.org>" [ultimate]
# The signature was successfully verified.

@debian:~$ gpg --decrypt message.gpg
# The --decrypt option can be used to verify
# and extract a digitally signed message.
# GPG will automatically locate the public key
# used to verify the message.
This is a message
gpg: Signature made Tue 04 Feb 2020 05:48:01 AM EST
gpg:                using RSA key 468547ECCE69424D64983453FD03F9275A65B11A
gpg: Good signature from "difyel <email@example.com>" [ultimate]
# The extracted message is the line "This is a message"
# at the top of the output.