Digital Signature

Digital Signature lets you verify that no one tampers with your data through a signature. It confirms the authenticity and the integrity of the signed data, but not its secrecy. It is asymmetric, meaning it uses a pair of keys (public key and private key).

Signatures have the following properties:

  • Authenticity: It is impossible to create a signature for which PublicKeyVerify.Verify(signature, message) validates, unles you have the private key.
  • Asymmetric: Creating the signature uses a different key than verifying it. This lets you distribute the Public Key to verify signatures to parties that can't create signatures themselves.

If you don't need asymmetry, consider using the simpler and more efficient MAC instead.

The functionality of Digital Signature is represented in Tink as a pair of primitives:

  • PublicKeySign for data signing
  • PublicKeyVerify for signature verification

Choosing a key type

We recommend using ECDSA_256 for most uses, but there are a variety of options. In general, the following holds true:

  • ECDSA_P256 is the most popular and works just fine in most cases.
  • ED25519 creates deterministic signatures and provides better performance than ECDSA_P256.
  • RSA_SSA_PKCS1_3072_SHA256_F4 creates deterministic signatures and provides the best verification performance (but signing is much slower than ECDSA_P256 or ED25519).

Minimal security guarantees

  • Data to be signed can have arbitrary length
  • 128-bit security level against adaptive chosen-message attacks for elliptic curve based schemes
  • 112-bit security level against adaptive chosen-message attacks for RSA based schemes (allows 2048 bit keys)

Example use case

See I want to digitally sign data.