For electronic signing a public key system is used in general, i.e. the algorithm needs a pair of keys where only one has to be kept secret; the other may be public. The sender (the sending or storing program) generates a hash code (see 3.1.25) of the data and encrypts it with his secret key. The result is the signature. The receiver (the receiving or reading program) decrypts the signature with the public key of the sender and compares the result with the actual hash code of the data. In case of equality, the data are authenticated. The receiver may require a cryptographic certificate of the sender (see 3.1.10) to be sure of the authenticity of the public key.