What cryptographic tool is used to authenticate the origin of a message and ensure its integrity?

A digital signature is utilized to authenticate the origin of a message and ensure its integrity. It works by applying a hash function to the message, producing a fixed-size string that represents the content of the message. This hash is then encrypted with the sender's private key, creating the digital signature. When the recipient receives the message along with the signature, they can use the sender's public key to decrypt the signature back into the hash. By generating a new hash from the received message and comparing it to the decrypted hash, the recipient can confirm that the message has not been altered (ensuring integrity) and that it indeed originated from the claimed sender (authenticating the origin).

Other options like a hash alone do not provide authentication since it does not include any encryption or signing aspect. An encryption key is primarily used for confidentiality rather than for verifying origin or integrity. A Certification Authority is responsible for issuing digital certificates, which support the validation of public keys, but they do not directly authenticate messages or ensure their integrity.