So far, you've learned how encryption can be used to preserve the confidentiality and integrity of messages, but asymmetric algorithms in particular can provide another added benefit: nonrepudiation. Algorithms that provide nonrepudiation allow the recipient of a message to prove conclusively to a third party that the message originated from a sender. You might imagine many situations where this would be useful, such as proving the author of a contract.
Asymmetric algorithms achieve nonrepudiation through the use of digital signatures. A sender wishing to digitally sign a message uses a hash function to create a short digital summary of the message, known as the hash, and then signs it using his or her private key (known only to the sender). The recipient can then verify the digital signature by using the same hash function to create a hash and then decrypting the digital signature using the sender's public key. If the hash created by the recipient and the hash from the decrypted digital signature match, the recipient knows that the message truly came from the purported source. Because the sender's public key is known to everyone participating in the cryptosystem, anyone can verify the message independently, making it quite trustworthy.