Ivan Gorin

Reputation: 391

RSA signature creation and transfer

I am trying to write RSA code in Python 3.6 for educational purposes.

The message encryption part is finished. I now need to create a digital signature for the message, which, as I understand, is just a big integer encrypted using the sender's private key (please correct me if I'm wrong). What size should the integer used for it be? And are the encrypted message and the signature transferred as a pair or should they be somehow connected into a single integer?

Upvotes: 0

Views: 340

Answers (1)

Artjom B.

Reputation: 61892

A signed message is not encrypted. It doesn't, or rather shouldn't, change when you sign it. Instead, it is hashed and the hash is "encrypted" (this is actually the decryption procedure, but with padding applied) with the private key.

The receiver needs four things:

  1. Public key
  2. Original unaltered message
  3. Signature
  4. Knowledge about how all of this is represented and connected: Encoding of the public key, encoding of the message, encoding of the signature and actual signature scheme that was used (RSA/DSA/EdDSA/SPHINCS/etc. with some specific hash function and padding scheme)

Mathematically speaking, the RSA signature is a single large integer, but when you want to transmit it, you need to encode it somehow. You can find the full specification in RFC 8017. If you want to use RSA for signing, you should use RSASSA-PSS, or simply PSS, which specifies a padding scheme that is considered secure. Don't implement it yourself if you want to use it in production.

Upvotes: 1
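An educational sketch of the flow described in the answer above, added here and not part of the original answer: the message stays unchanged, its hash is PSS-encoded per RFC 8017, the private-key operation yields one large integer, and that integer is sent as a fixed-length octet string alongside the message. The demo key (two Mersenne primes), SHA-256, the 32-byte salt and all function names are assumptions made for this example.

```python
import hashlib, hmac, os

# Constructed demo key (assumption): the product of two Mersenne primes.
# Trivially factorable, for illustration only. pow(E, -1, ...) needs Python 3.8+.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # signature length in octets
EM_BITS = N.bit_length() - 1             # encoded message is one bit shorter than N
EM_LEN = (EM_BITS + 7) // 8
H_LEN = S_LEN = 32                       # SHA-256 digest; salt of the same length
PAD_LEN = EM_LEN - H_LEN - S_LEN - 2     # zero octets in front of 0x01 || salt
TOP_MASK = 0xFF >> (8 * EM_LEN - EM_BITS)

def mgf1(seed, length):
    """MGF1 mask generation with SHA-256."""
    blocks = (length + H_LEN - 1) // H_LEN
    out = b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def salted_hash(message, salt):
    return hashlib.sha256(bytes(8) + hashlib.sha256(message).digest() + salt).digest()

def sign(message):
    """Return the signature as K octets; the message itself is left untouched."""
    salt = os.urandom(S_LEN)
    h = salted_hash(message, salt)
    db = bytes(PAD_LEN) + b"\x01" + salt
    masked = bytearray(xor(db, mgf1(h, len(db))))
    masked[0] &= TOP_MASK                           # keep the integer below N
    em = bytes(masked) + h + b"\xbc"
    s = pow(int.from_bytes(em, "big"), D, N)        # private-key operation
    return s.to_bytes(K, "big")                     # integer -> fixed-length octets

def verify(message, signature):
    """Check a (message, signature) pair against the public key (N, E)."""
    if len(signature) != K or int.from_bytes(signature, "big") >= N:
        return False
    em = pow(int.from_bytes(signature, "big"), E, N).to_bytes(EM_LEN, "big")
    masked, h = em[:-H_LEN - 1], em[-H_LEN - 1:-1]
    if em[-1] != 0xBC or masked[0] & ~TOP_MASK & 0xFF:
        return False
    db = bytearray(xor(masked, mgf1(h, len(masked))))
    db[0] &= TOP_MASK
    if any(db[:PAD_LEN]) or db[PAD_LEN] != 1:
        return False
    return hmac.compare_digest(h, salted_hash(message, bytes(db[PAD_LEN + 1:])))
```

Calling `sign(message)` twice gives different signatures because of the random salt, and the receiver passes the unaltered message together with the `K`-octet signature to `verify`.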
