Digital Signatures Actually Sign the Hash of the Data

In PKCS#7/CMS signed-data (RFC 5652), the digital signature is applied to a hash (digest) of the content, never to the full content itself. Strictly speaking, when signed attributes are present the signature covers the DER-encoded signed attributes, one of which (message-digest) carries the hash of the content; either way, what the private key actually operates on is a fixed-length digest rather than the data.


Why?

  • A single public-key operation can only process a short, fixed-size input (for RSA, a value smaller than the modulus, so at most a few hundred bytes), and it is far more expensive than hashing. The data is therefore hashed first (e.g., with SHA-256) and only the fixed-length digest is signed, whatever the size of the data.
  • The hash must be collision-resistant, because a signature over a digest vouches for every input that has that digest: two documents with the same hash share the same valid signature. MD5 and SHA-1 collisions are practical today, so use SHA-256 or stronger.
  • The signed hash provides integrity (any change to the data changes the digest, so verification fails) and authenticity (only the holder of the private key could have produced the signature). Tying that key to a person or organization is a separate step: validating the signer's certificate chain.

Summary

The signer hashes the data, then signs that hash with their private key. The receiver re-hashes the data with the same algorithm (in PKCS#7 it is recorded in the SignerInfo's digestAlgorithm field) and verifies the signature over that digest using the signer's public key. A single changed bit in the data yields a different digest, so the check fails.

Chilkat functions for creating or verifying signatures typically handle data directly and compute the hash internally. Functions that require an explicit hash input are clearly identified, often including Hash in their names, like Crypt2.SignHashENC.
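The hash-then-sign round trip described above, and the distinction between a function that signs data (hashing internally) and one that signs a precomputed hash, as an added example in Go using only the standard library. This is not Chilkat code and not code from the original page; the function names (SignData, SignHash, VerifyData, RecoverEmbeddedDigest, NewSigningKey) and the sample payload are this example's own. Beyond signing and verifying, RecoverEmbeddedDigest applies the raw RSA public-key operation to the signature and strips the PKCS#1 v1.5 padding, so you can see that the signature literally contains the SHA-256 digest and nothing else of the data.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
)

// DER prefix of the DigestInfo structure for SHA-256 (RFC 8017, section 9.2, note 1).
// PKCS#1 v1.5 signing wraps the digest in this structure before padding it.
var sha256DigestInfoPrefix = []byte{
	0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
}

// NewSigningKey generates an RSA key pair of the given size (hypothetical helper for the example).
func NewSigningKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// Digest computes the SHA-256 digest that will be signed.
func Digest(data []byte) []byte {
	d := sha256.Sum256(data)
	return d[:]
}

// SignHash signs a precomputed SHA-256 digest: the "SignHash" style entry point.
func SignHash(priv *rsa.PrivateKey, digest []byte) ([]byte, error) {
	if len(digest) != sha256.Size {
		return nil, errors.New("digest must be exactly 32 bytes")
	}
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest)
}

// SignData is the data-oriented entry point: hash internally, then sign only the digest.
func SignData(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	return SignHash(priv, Digest(data))
}

// VerifyData re-hashes the received data and checks the signature against that digest.
func VerifyData(pub *rsa.PublicKey, data, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, Digest(data), sig) == nil
}

// RecoverEmbeddedDigest computes sig^e mod n and strips the PKCS#1 v1.5 padding and
// DigestInfo, returning the 32-byte hash that was actually signed. It is a teaching
// aid, not a verifier: a real verifier compares the digest in constant time.
func RecoverEmbeddedDigest(pub *rsa.PublicKey, sig []byte) ([]byte, error) {
	s := new(big.Int).SetBytes(sig)
	if s.Cmp(pub.N) >= 0 {
		return nil, errors.New("signature out of range")
	}
	m := new(big.Int).Exp(s, big.NewInt(int64(pub.E)), pub.N)
	em := m.FillBytes(make([]byte, pub.Size())) // encoded message, left-padded to modulus length
	// EM = 0x00 || 0x01 || PS (at least eight 0xff bytes) || 0x00 || DigestInfo
	if len(em) < 11 || em[0] != 0x00 || em[1] != 0x01 {
		return nil, errors.New("bad PKCS#1 v1.5 block type")
	}
	i := 2
	for i < len(em) && em[i] == 0xff {
		i++
	}
	if i < 10 || i >= len(em) || em[i] != 0x00 {
		return nil, errors.New("bad padding string")
	}
	t := em[i+1:]
	if !bytes.HasPrefix(t, sha256DigestInfoPrefix) {
		return nil, errors.New("not a SHA-256 DigestInfo")
	}
	digest := t[len(sha256DigestInfoPrefix):]
	if len(digest) != sha256.Size {
		return nil, errors.New("unexpected bytes after digest")
	}
	return digest, nil
}

func main() {
	priv, err := NewSigningKey(2048)
	if err != nil {
		panic(err)
	}
	data := []byte("constructed sample payload: invoice 1001, amount 250.00") // constructed input
	sig, _ := SignData(priv, data)
	inner, _ := RecoverEmbeddedDigest(&priv.PublicKey, sig)
	fmt.Println("digest of data   :", hex.EncodeToString(Digest(data)))
	fmt.Println("digest inside sig:", hex.EncodeToString(inner))
	fmt.Println("verify original  :", VerifyData(&priv.PublicKey, data, sig))
	tampered := append([]byte(nil), data...)
	tampered[len(tampered)-1] ^= 0x01 // flip a single bit
	fmt.Println("verify tampered  :", VerifyData(&priv.PublicKey, tampered, sig))
}
```

Because PKCS#1 v1.5 signing is deterministic, SignHash over Digest(data) and SignData over data produce byte-identical signatures, which is exactly why a library can offer both entry points interchangeably: the only thing the caller must get right when using the hash-taking variant is to pass the raw digest of the correct algorithm, not its hex string.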

Hash-then-sign is not a PKCS#7 peculiarity: every mainstream signature scheme (RSA PKCS#1 v1.5 and PSS, DSA, ECDSA, EdDSA) signs a digest of the message rather than the message. In EdDSA the hashing is built into the algorithm, so there is no separate pre-hash step for the caller to get wrong, but a digest is still what the key operates on.