A signature is an authenticated checksum that can be used to check that a message
(any data) was created by a particular author and was not tampered with. The signature is
created using a private key and can be verified from the corresponding public key.
Signatures are used when the message itself is not confidential but integrity is
important. A common use is for software repositories where maintainers include
a signature of the package index. This allows client package managers to verify
that the binaries were not modified by intermediate parties in the distribution
process.
For confidential data, use authenticated encryption (auth_encrypt)
which allows for sending signed and encrypted messages in a single method.
Currently sodium requires a different type of key pairfor signatures (ed25519)
than for encryption (curve25519).