Digital signature: Difference between revisions
Jump to navigation
Jump to search
imported>Sandy Harris No edit summary |
imported>Sandy Harris No edit summary |
||
Line 17: | Line 17: | ||
* if they are identical, then you know with overwhelming probability: | * if they are identical, then you know with overwhelming probability: | ||
** the documents signed (hash H1) and the document received (hash H2) are identical (from properties of a [[cryptographic hash]]) | ** the documents signed (hash H1) and the document received (hash H2) are identical (from properties of a [[cryptographic hash]]) | ||
** whoever generated the signature knew the signer's private key (which only | ** whoever generated the signature knew the signer's private key (which only the signer should know in a [[public key]] system) | ||
* so you can accept the signature as valid | * so you can accept the signature as valid | ||
Revision as of 22:41, 7 December 2010
Digital signatures provide source authentication for online documents, messages or records, in a manner analogous to what a signature provides for a paper document.
Two cryptographic techniques are used together to produce a digital signature, a cryptographic hash and a public key cryptosystem.
The steps for the sender are as follows:
- calculate a hash or message digest from the message
- encrypt that hash with the sender's private key
- combine the encrypted hash with information identifying the signer
- append the combination to the message as a signature
Steps for the receiver are:
- obtain the sender's public key and authenticate its integrity and source
- decrypt the signature, using the sender's public key, to get the hash value; call it H1
- hash the message body yourself to get another hash value, H2
- compare H1 and H2
- if they are identical, then you know with overwhelming probability:
- the documents signed (hash H1) and the document received (hash H2) are identical (from properties of a cryptographic hash)
- whoever generated the signature knew the signer's private key (which only the signer should know in a public key system)
- so you can accept the signature as valid
If both the hash and the public key system used are secure, and no-one except the sender knows his private key, then the signatures are trustworthy.
The use of digital signatures raises legal issues. There is an online reference [1] for laws around the world.
References
- ↑ Digital Signature Law Survey https://dsls.rechten.uvt.nl/