What is a Digital Signature?
A digital signature is a mathematical process for demonstrating the authenticity of a digital message or document. A valid digital signature allows the recipient to determine who sent the message, in such a way that the sender cannot deny having sent it. It also allows the recipient to know whether the message was altered in transit between sender and recipient.
A digital signature is based on public-key cryptography, also known as asymmetric cryptography. This refers to cryptographic algorithms that require two distinct keys, one of which is secret (or private) and the other public. Although different, the two parts of this key pair are mathematically related. The public key is used to encrypt plain text or to verify a digital signature, whereas the private key is used to decrypt the ciphertext or to create a digital signature.
Public-key algorithms are based on mathematical problems that have no known efficient solution. It is computationally easy for a user to generate their own pair of public and private keys and use them to encrypt and decrypt messages, as long as they have both keys. The scheme's strength lies in the fact that it is not computationally viable to determine the private key from the corresponding public key. As such, the public key can be disseminated without compromising the secrecy of the private key.
Authentication of messages involves processing a message with a private key to produce a digital signature. Anyone can verify a digital signature using the signer's public key. Verification establishes that the message was signed and shows whether the message was modified after the signature process. Usually only a hash, or summary, of the message is encrypted to form the message's signature. Note that the hash has a fixed size even though it is generated from a variable-size message, which standardizes the process.
In the case of the Portuguese citizen smart card, the private key is stored in the smart card's chip and is therefore not accessible to anyone, including the card owner, who has no access to their own private key. To perform a signature, the message to be signed is sent to the chip. After the PIN has been confirmed, the mathematical calculations are executed within the chip using the private key. The encrypted result, which represents the signature, is then returned by the chip. This way the private key remains enclosed in the card's chip at all times.
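The hash-then-sign flow and the card-held private key described in the two paragraphs above can be sketched as follows. This is an added example, not code from the citizen card software: the SimulatedCard class, the PIN, the message and the key are all constructed, and the key uses unpadded textbook RSA over two publicly known Mersenne primes purely to make the arithmetic visible.

```python
import hashlib
import hmac

# Constructed demo key: unpadded "textbook" RSA built from two publicly known
# Mersenne primes. It is NOT secure; it only makes the arithmetic visible.
_P, _Q = 2**521 - 1, 2**607 - 1
E = 65537


class SimulatedCard:
    """Hypothetical stand-in for the card chip: the private exponent never leaves it."""

    def __init__(self, pin: str):
        self._pin = pin
        self._d = pow(E, -1, (_P - 1) * (_Q - 1))  # private key, kept inside the "chip"
        self.public_key = (_P * _Q, E)             # safe to disseminate

    def sign_digest(self, digest: bytes, pin: str) -> int:
        # The chip refuses to use the private key until the PIN is confirmed.
        if not hmac.compare_digest(pin, self._pin):
            raise PermissionError("PIN not confirmed")
        n, _ = self.public_key
        return pow(int.from_bytes(digest, "big"), self._d, n)


def sign(card: SimulatedCard, message: bytes, pin: str) -> int:
    # Host side: reduce the variable-size message to a fixed-size hash and
    # send only that hash to the card.
    return card.sign_digest(hashlib.sha256(message).digest(), pin)


def verify(public_key: tuple, message: bytes, signature: int) -> bool:
    # Anyone holding the public key can recover the signed hash and compare
    # it with a fresh hash of the message actually received.
    n, e = public_key
    expected = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == expected


if __name__ == "__main__":
    card = SimulatedCard(pin="1234")         # constructed PIN
    msg = b"I agree to the contract terms."  # constructed message
    sig = sign(card, msg, "1234")
    print("valid signature:", verify(card.public_key, msg, sig))
    print("altered message:", verify(card.public_key, msg + b"!", sig))
```

The host code only ever sees the public key and the returned signature; a production signature scheme would also apply a padding scheme to the hash before the private-key operation.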
Signing Process
Verification Process