A digital signature is a cryptographic mechanism that lets the holder of a private key produce a value over a message, such that anyone with the corresponding public key can verify it. The U.S. federal Digital Signature Standard, published by NIST as FIPS 186-5, specifies the approved algorithms and parameters for generating and verifying these signatures.
The scheme depends on an asymmetric key pair. The signer keeps the private key secret and uses it to generate the signature; verifiers use the matching public key to check it. Because forging a signature without the private key is computationally infeasible, a valid signature provides three properties at once: authenticity (it came from the key holder), integrity (the message was not changed after signing), and non-repudiation (the signer cannot plausibly deny having signed).
In practice a message is first reduced to a fixed-length digest with a cryptographic hash function, and the signature is computed over that digest. FIPS 186-5 details the approved digital signature algorithms, including DSA, ECDSA, and RSA-based signatures, along with the key sizes and parameters acceptable for federal use.
Digital signatures are the foundation of much of modern software security. They underpin the certificates that authenticate websites, the code signing that lets you trust an installed program, and the signed updates that keep operating systems and applications from accepting tampered software.