Re: newbie: what does "sign the message digest" mean?

[simonis () myself com]

Ravi,

In step one, a digest is created.  But, this digest is of little use alone... it might as well be a checksum at this 
point.  It does nothing to assure the recipient or the sender that the message itself has not been altered.  If I 
intercept and change the message, all I need to do is recompute the digest and forward on.  

So, how to fix this?  The key (no pun!) is to use asymmetric cryptography.  I can "sign" the message digest, that is, 
encrypt it with my private key.  That forms a digital signature.  Only the person in possession of my private key 
(assumed to be only myself) could have generated a message digest that is so encrypted.

The recipient can decrypt this with my public key.  Then, they can recompute the message digest and recompare.  If the 
two digests are the same, they know the message has not changed in transit.  

I hope that clears things up.  If not, you may want to re-read on public key (asymmetric) cryptography to clarify the 
relationship of the two keys in the pair.  

-Ds