nerdexam
(ISC)2

CISSP · Question #978

Which of the following is required to verify the authenticity of a digitally signed document?

The correct answer is C. Recipient's public key. Verifying a digital signature requires the sender's public key, not a private key or shared secret. The recipient uses this public key to decrypt the signature and confirm authenticity.

Submitted by anjalisingh· Mar 5, 2026Security Architecture and Engineering

Question

Which of the following is required to verify the authenticity of a digitally signed document?

Options

  • ADigital hash of the signed document
  • BSender's private key
  • CRecipient's public key
  • DAgreed upon shared secret

How the community answered

(33 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    88% (29)
  • D
    6% (2)

Why each option

Verifying a digital signature requires the sender's public key, not a private key or shared secret. The recipient uses this public key to decrypt the signature and confirm authenticity.

ADigital hash of the signed document

While a digital hash is part of the signing process internally, possessing only the hash of the signed document is insufficient to verify authenticity without the sender's public key to decrypt and compare it.

BSender's private key

The sender's private key is used to create the digital signature, not to verify it; exposing the private key to the recipient would compromise the entire security model of asymmetric cryptography.

CRecipient's public keyCorrect

To verify a digital signature, the recipient uses the sender's public key (not the recipient's public key) to decrypt the signature and obtain the original hash, which is then compared against a freshly computed hash of the document. If the hashes match, the signature is authentic and the document has not been tampered with. This asymmetric process ensures only the holder of the corresponding private key could have created the signature.

DAgreed upon shared secret

A shared secret is associated with symmetric cryptography and HMAC-based authentication schemes, not with asymmetric digital signature verification, which relies on a public/private key pair.

Concept tested: Digital signature verification using asymmetric cryptography

Source: https://learn.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows#digital-signatures

Topics

#digital signature#public key cryptography#authenticity#PKI

Community Discussion

No community discussion yet for this question.

Full CISSP Practice