From 0d89409faa430632b7b24b9dc42d2503769f672e Mon Sep 17 00:00:00 2001 From: wbamberg Date: Wed, 8 May 2024 15:59:22 -0700 Subject: [PATCH 1/2] Add a glossary page on digital signatures --- .../en-us/glossary/digital_signature/index.md | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 files/en-us/glossary/digital_signature/index.md diff --git a/files/en-us/glossary/digital_signature/index.md b/files/en-us/glossary/digital_signature/index.md new file mode 100644 index 000000000000000..ba8b5ff6f0118d3 --- /dev/null +++ b/files/en-us/glossary/digital_signature/index.md 
@@ -0,0 +1,29 @@ +--- +title: Digital signature +slug: Glossary/Digital_signature +page-type: glossary-definition +--- + +{{GlossarySidebar}} + +A **digital signature** is an object that can be used to {{glossary("authentication", "authenticate")}} the author of a document or message. + +Digital signatures are usually based on {{glossary("public-key cryptography")}}, in which a key is created as a pair of keys, with the property that if some input is encrypted with one key, it can only be decrypted with the other key, and vice versa. + +The creator of the key pair then makes one of the keys public and keeps the other one private. To sign a document, the key pair's owner creates a {{glossary("hash")}} of the document and encrypts it with the private key. + +They send the document and the signature to the verifier, who hashes the document, then retrieves the public key and decrypts the signature: if this matches the hash then the signature has been verified, and the verifier can be confident that the signature was created by an entity with access to the private key. + +The security of a digital signature system depends (among other things) on: + +- The private key's owner keeping it safe: if other entities can access the private key, they can impersonate the owner. + +- The public key used by the verifier being the genuine counterpart of the owner's private key: if an attacker could trick the verifier into trusting the wrong public key, they could impersonate the owner. + +Verifiers often use {{glossary("digital certificate", "digital certificates")}} to check that public keys are genuine. + +## See also + +- {{glossary("Digital certificate")}} +- {{glossary("Hash")}} +- {{glossary("Public-key cryptography")}} From ed631e9c0d5a7c1f8ced44af6409a7f0fc9b34f8 Mon Sep 17 00:00:00 2001 
From: wbamberg Date: Tue, 21 May 2024 18:38:28 -0700 Subject: [PATCH 2/2] Apply suggestions from code review Co-authored-by: Estelle Weyl --- files/en-us/glossary/digital_signature/index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/files/en-us/glossary/digital_signature/index.md b/files/en-us/glossary/digital_signature/index.md index ba8b5ff6f0118d3..017da3c86d5e564 100644 --- a/files/en-us/glossary/digital_signature/index.md +++ b/files/en-us/glossary/digital_signature/index.md 
@@ -8,11 +8,11 @@ page-type: glossary-definition A **digital signature** is an object that can be used to {{glossary("authentication", "authenticate")}} the author of a document or message. -Digital signatures are usually based on {{glossary("public-key cryptography")}}, in which a key is created as a pair of keys, with the property that if some input is encrypted with one key, it can only be decrypted with the other key, and vice versa. +Digital signatures are usually based on {{glossary("public-key cryptography")}}, in which a key is created as a pair of keys, with the property that, if some input is encrypted with one key, it can only be decrypted with the other key, and vice versa. -The creator of the key pair then makes one of the keys public and keeps the other one private. To sign a document, the key pair's owner creates a {{glossary("hash")}} of the document and encrypts it with the private key. +The creator of the key pair makes one of the keys public and keeps the other one private. To sign a document, the key pair's owner creates a {{glossary("hash")}} of the document and encrypts it with the private key. -They send the document and the signature to the verifier, who hashes the document, then retrieves the public key and decrypts the signature: if this matches the hash then the signature has been verified, and the verifier can be confident that the signature was created by an entity with access to the private key. +The document and signature are sent to the verifier, who hashes the document, retrieves the public key, and decrypts the signature: if this matches the hash, then the signature has been verified, and the verifier can be confident that it was created by an entity with access to the private key. The security of a digital signature system depends (among other things) on:
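Review bot: In the new file added by PATCH 1/2, the signing and verifying paragraphs describe the operation as "encrypts it with the private key" and "decrypts the signature", which only loosely matches textbook RSA and does not describe schemes such as DSA, ECDSA or EdDSA, where nothing is encrypted or decrypted. Consider scheme-neutral wording, for example "uses the private key to generate a signature over the hash" and "uses the public key to check that the signature is valid for the hash". The same applies to the key-pair sentence ("if some input is encrypted with one key, it can only be decrypted with the other key"). Separately, the opening definition mentions only authenticating the author; since the verifier re-hashes the document, it may be worth stating that a valid signature also shows the document has not been altered since it was signed.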
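Review bot: In the PATCH 2/2 hunk, the rewritten verifier sentence still has "if this matches the hash" with no clear antecedent for "this", and the change from "the signature was created" to "it was created" makes the subject less explicit. Suggest naming both, for example "if the decrypted value matches the hash, then the signature has been verified, and the verifier can be confident that the signature was created by an entity with access to the private key". The passive "The document and signature are sent to the verifier" also drops who sends them; "The owner sends the document and signature to the verifier" keeps the actor. As a smaller style point, "in which a key is created as a pair of keys" in the first changed line reads awkwardly and could become "in which keys are created in pairs".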