In this plain English explanation of digital key signatures I will be making reference to examples and terms mentioned in my writeup of public key cryptography, so you may want to look at that first, especially if you are unfamiliar with the system. The technical explanation is in normal style text and the metaphorical example is in italics

So Bob has just recieved an email encrypted with his public key. He decrypts it and finds that it is a love letter from his friend Sue--she wants to take their relationship to the next level. Bob starts to get excited, but then has a terrible thought--what if the mail isn't really from Sue, what if it is from Eve, forging the email?

For an image you can think of Bob recieving an envelope with his lock on it, he opens it with his key and finds a message. He looks at the signature and compares it with others he already has but he isn't really sure if they match up, so he gets paranoid.

So how can Bob be sure it really is Sue? He can ask Sue to resend the message, but ask her to digitally sign it:

  1. Sue writes her profession of love in an email. She then digitally signs it by encrypting it with her private key. Normally what would happen is she would take Bob's public key (a really big string of data) and mix it in a special way with her email such that the only way of reading the email is by having the private key to decode it. Here what is happening is the opposite--kinda. Here she is taking her private key and mixing it (in the same special way) with her email, such that anyone with her public key can decrypt it. This means anyone can decrypt it, so it is a poor form of protection, but because the only way it could have been encrypted was with Sue's private key, Bob knows it must be Sue sending it.

    Sue makes a private set of locks that automatically unlock when they come in contact with one of her public locks. She writes her letter, she then seals it with one of these private locks, and then sends it to Bob. Bob recieves the mail and opens it using Sue's public lock and can be certain it was really Sue who sent the message.

  2. Now that Sue has digitally signed her message she then encrypts it with Bob's public key and sends it to him.

    She takes this envelope she has already locked with her private lock and tosses it in another envelope and seals it with Bob's public lock (from his public locker) and drops it in the mail.

  3. Bob receives the email, decrypts it using his private key, decrypts the signature using Sue's public key, and swoons--Sue really does love him!

    Bob gets the bulky envelope from Sue. He unlocks his public lock with his private key. He then grabs one of Sue's public locks and touches it to the lock on the inner envelope--it opens. He reads the message, and swoons!