Abstract: A digital signature method based on the discrete logarithm problem is provided that allows message recovery. The message $x$ is transformed according to the rule $e = x g^{-r} \bmod p$, where $r$ is a secret value generated by the signer. A value $y$ is then calculated according to the rule $y = r + s e \bmod q$, where $s$ is the signer's secret key. The signature of $x$ consists of the pair $(e, y)$. The verifier recovers the message $x$ according to the rule $x = g^{y} k^{e} e \bmod p$, where $k$ is the signer's public key. The validation of $x$ can be based on some redundancy contained in $x$. Alternatively, a conventional verification equation can be constructed by using the signature method together with a hash function $H$. In addition, a key agreement method based on the signature method is provided which establishes, with a single transmission pass, a shared secret key $K$ between two parties A and B in an authenticated fashion.
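The signing and recovery rules of the abstract carried through end to end, as an added example that is not part of the patent text. It assumes the public key is k = g^(-s) mod p (so recovery multiplies g^y k^e by e), that g has prime order q modulo p, and a hypothetical redundancy format (5-bit message plus a 5-bit hash tag); the parameters are constructed and far too small for real use.

```python
import hashlib
import secrets

# Constructed toy parameters: p = 2q + 1 with p, q prime; g = 4 has order q mod p.
P, Q, G = 2039, 1019, 4

def keygen():
    s = secrets.randbelow(Q - 1) + 1      # secret key s in [1, q-1]
    k = pow(G, -s, P)                     # assumed public key k = g^-s mod p
    return s, k

def _tag(m):
    # 5-bit tag derived from a hash, so the redundancy is not multiplicative
    return hashlib.sha256(bytes([m])).digest()[0] & 0x1F

def encode(m):
    """Hypothetical redundancy format: x = (5-bit message || 5-bit tag)."""
    if not 1 <= m < 32:
        raise ValueError("message must be in 1..31")
    return (m << 5) | _tag(m)

def decode(x):
    """Return the message if x carries valid redundancy, else None."""
    m = x >> 5
    if 1 <= m < 32 and x == ((m << 5) | _tag(m)):
        return m
    return None

def sign(m, s):
    x = encode(m)
    r = secrets.randbelow(Q - 1) + 1      # fresh per-signature secret r
    e = (x * pow(G, -r, P)) % P           # e = x g^-r mod p
    y = (r + s * e) % Q                   # y = r + s e mod q
    return e, y

def recover(e, y, k):
    # g^y k^e e = g^(r + s e) g^(-s e) x g^-r = x (mod p)
    x = (pow(G, y, P) * pow(k, e, P) * e) % P
    return decode(x)                      # None means the signature is rejected

if __name__ == "__main__":
    s, k = keygen()
    e, y = sign(19, s)
    print("signature:", (e, y), "recovered:", recover(e, y, k))
    print("tampered y:", recover(e, (y + 1) % Q, k))
```

The verifier never receives x itself: it accepts only if the value reconstructed from (e, y) and k passes the redundancy check, which is why the choice of redundancy carries the security of the recovery mode.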