
Alice generates integers $N, e$ and $d$ such that for any integer $M$, we have $$M^{ed}\equiv M \text{ mod } N$$ (Assume that all messages are represented as positive integers less than the RSA modulus, $N$.)

She publishes $N$ and $e$, but keeps $d$ private. If someone wishes to send a message to Alice, they compute and send $Z \equiv M^e \text{ mod } N$. Alice can recover $M$ by computing $M \equiv Z^d \text{ mod } N$.

Question: How can Alice prove to Bob that a message could only have been written by her?

My attempt:

Suppose Alice wishes to send a signed message to Bob. She produces a hash value of the message, raises it to the power of $d \text{ mod } N$, i.e.

$$A \equiv H(M)^d \text{ mod }N$$

(just like when decrypting a message), and attaches it as a "signature" to the message.

When Bob receives the signed message, he raises the signature to the power of $e \text{ mod } N$, i.e. $$H(M) \equiv A^e \text{ mod } N$$

(just like encrypting a message), and compares the resulting hash value with the message's actual hash value. If the two agree, he knows that the author of the message was in possession of Alice's secret key, and that the message has not been tampered with since.

  • What's the question? You basically described standard cryptographic signatures, which seems to be what you were asking for. (2017-03-13)
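
The sign-and-verify exchange from the question, as an added Python example that is not part of the original post. The key (two Mersenne primes with $e = 65537$), the function names and the sample messages are assumptions constructed for illustration; deployed RSA signatures additionally pad the hash (for example RSASSA-PSS) rather than signing $H(M)$ directly.

```python
import hashlib

# Constructed demo key (assumption): two Mersenne primes, so N is far larger
# than a 256-bit hash. Not a secure key; these primes are public knowledge.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # e*d = 1 mod phi(N), so M^(ed) = M mod N


def H(message: bytes) -> int:
    """Hash the message to an integer; a SHA-256 value is always < N here."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Alice: A = H(M)^d mod N."""
    return pow(H(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Bob: accept only if A^e mod N equals the hash he computes himself."""
    if not 0 < signature < n:  # reject values outside the message space
        return False
    return pow(signature, e, n) == H(message)


def demo() -> dict:
    msg = b"Pay Bob 10 pounds"  # constructed sample message
    sig = sign(msg)
    wrong_d = D + 2  # stands in for a signer who does not know d
    return {
        "genuine": verify(msg, sig),
        "tampered_message": verify(b"Pay Bob 1000 pounds", sig),
        "tampered_signature": verify(msg, sig ^ 1),
        "wrong_private_exponent": verify(msg, sign(msg, d=wrong_d)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:24s} accepted={accepted}")
```

Only the genuine pair is accepted: changing the message changes $H(M)$, and changing the signature or the exponent changes $A^e \bmod N$, so the comparison Bob performs fails in each case.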
