The original file and the digital signature are sent together to the recipient.
The recipient uses the sender's public key to decrypt the digital signature's hash.
The recipient's computer calculates the hash of the original file and compares it with the decrypted hash. If the two hashes match, the signature is verified. If the hashes don't match, that's evidence that the document has been altered or that the signature isn't valid.
SSL/TLS use public key encryption to create a secure connection between the server and client. This encryption method enables the use of Hypertext Transfer Protocol Secure. The communication session is first established using asymmetric encryption to establish the identities of both parties and to exchange a shared session key that enables a symmetric cipher. Symmetric encryption, using a shared key, is faster and more efficient than asymmetric encryption so it makes sense to use it for as much of the communication as possible.
Public key risks
While public key encryption is more secure than symmetric encryption, there are a few risks to consider, including the following:
Low-quality key. A poorly crafted asymmetric key algorithm -- one that's too short in length, for example -- is a security risk.
Lost private key. If the private key is lost or misplaced, access to the data becomes problematic.
Man-in-the-middle (MitM) attacks. Public key encryption can be a target for MitM attacks. The two main ways of trusting the identity of a website are the site's security certificate and its public key encryption. If either of these is compromised, a malicious party can insert itself into the connection between a user and a website and then capture any information sent between the two.
