Digital Signatures

  • Identify key issues of cryptography and be able to explain basic cryptographic methods in use today.

    • Define the uses of digital signatures.

Digital signatures are used to authenticate the sender of a message, and serve as the electronic version of a written signature that can be used to verify the sender of printed correspondence. Along with authentication and nonrepudiation, a digital signature can provide integrity, assuring that the data has not been modified after leaving the sender.

How Digital Signatures Work

Previously, we discussed how you could encrypt a message using someone's public key to provide confidentiality. The public/private key pair can also be used to authenticate the identity of the message sender. In this case, you use your private key to encrypt the hash of the message, and the recipient uses your public key to decrypt it (the opposite of the earlier scenario). Because you are the only one who has access to the private key, and because only that particular private key works with that particular public key, the recipient can be confident that you were the one who sent it.

Digital signatures combine a hash with a digital signature algorithm. The hash value created when you encrypt the message with your private key becomes your digital signature for that message. The digital signature will be different if you “sign” a different message, and will be different from that produced by someone signing the same message with a different private key.

The digital signature is normally attached to the message or transmitted with it. Because the signature is unique to a particular message, it is useless unless there is a message with which it is associated. You cannot move the digital signature from one document to another to “forge” the signature, because any change whatsoever produces a different hash value and invalidates the signature.

Verifying the Digital Signature

The digital signature is verified by using the same hash function to create a new hash value, and then using the sender's public key to verify whether the matching private key was used to create the signature. The public key verifies only a digital signature that was created with the corresponding private key.

If the hash result calculated by the verifier is exactly the same as the hash result extracted from the digital signature, this also verifies the integrity of the message (that it has not been changed).

Uses of Digital Signatures

Digital signatures can be used in e-commerce and other Internet-based financial transactions. Several state, national, and international standards and statutes accept digital signatures as a valid means of signing transactions with banks, government agencies, and corporations. The likelihood of a digital signature being forged is statistically less than that of forgery or alteration of paper documents.

REVIEW BREAK

  • Digital signatures combine a hash with a digital signature algorithm to create a value that can be used on a one-time basis to verify the identity of the sender of a message.

  • The digital signature is verified by using the same hash function to create a new hash value, and then using the sender's public key to verify whether the matching private key was used to create the signature.

  • The likelihood of a digital signature being forged is statistically less than that of forgery or alteration of paper documents.


..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.144.107.116