Read the wiki about RSA and asymmetric cryptography. A pair of keys is created - private / public, which are essentially very large numbers. Private is kept secret, public is available to others. Using the key, you can perform an operation on a certain number ("encrypt") so that you can get the original representation only if you know the other part of the key. This is how the file is signed - the hash sum is calculated (for example, sha2, so that it is harder to guess), then the hash is encrypted using a private key and applied to the file. With the public key, the signature is decrypted and compared with the hash of the file. This is very briefly. There are several problems in the described - for example, the question of the authenticity of the verifier's public key.
If you do not understand encryption, it is contraindicated to cut something of your own, take a ready-made implementation - the same openssl

In a secure workflow, 3 components are usually needed (some may not be relevant specifically for your organization):
Plus, a very important property in terms of usability of the system is workflow support - that is, the ability to transfer documents of a certain kind along predetermined routes between users (for example, statements, coordination / familiarization with orders, etc.).
And if I believe that all the cryptographic tasks described in the list can really be implemented "on the knee", for example, on OpenSSL (albeit inconvenient for the user), then it is very difficult to build the last position (workflow) on your own. Better take some free EDMS.

Thank you, I'm reading. If someone else gave a link to which manual on this technology?