How does a digital signature provide integrity and non-repudiation?

Signing creates a binding between the data and the signer by producing a signature on a cryptographic hash of the message using the signer's private key. The hash condenses the message to a fixed-size value; any change to the message changes the hash, so a signature created on the original hash will not validate if the data is tampered with. When someone verifies, they compute the hash of the received content and use the signer's public key to decrypt the signature, recovering the original hash and comparing it to their own computed hash. If they match, integrity is confirmed and the signer must possess the corresponding private key, which provides non-repudiation: the signer cannot deny having signed it because only they could have created that signature with their private key. Signing the hash is efficient and specifically ties the signature to the exact content, whereas encrypting the entire message with a private key is not how signatures are typically performed and would be impractical.