A hash function takes an arbitrary length data and produce a fixed sized digest for it. Common method to verify integrity is to use a hash function. To understand what makes a digital signature, the two requirements, integrity and authenticity, should be first examined separately.
First part describes what is a digital signature and then the second part shows how to use OpenSSL sign and verify functions to work with signatures.
This blog post describes how to use digital signatures with OpenSSL in practice. Digital signatures allow the recipient to verify both authenticity and integrity of the received document. It is needed for instance when distributing software packages and installers and when delivering firmware to an embedded device. Being able to verify that a piece of data originates from a trusted source (authenticity) and that it has not been altered in transit (integrity) is a common requirement in many use cases.
