Digital Signatures - Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual

Digital Signatures

Encryption and decryption address the problem of eavesdropping, one of the three
Internet security issues mentioned at the beginning of this document. But
encryption and decryption, by themselves, do not address the other two problems
mentioned in "Internet Security Issues" (beginning on page 763): tampering and
impersonation.

This section describes how public-key cryptography addresses the problem of
tampering. The sections that follow describe how it addresses the problem of
impersonation.

Tamper detection and related authentication techniques rely on a mathematical
function called a one-way hash (also called a message digest). A one-way hash is a
number of fixed length with the following characteristics:

• The value of the hash is unique for the hashed data. Any change in the data,
  even deleting or altering a single character, results in a different value.
• The content of the hashed data cannot, for all practical purposes, be deduced
  from the hash—which is why it is called "one-way."

As mentioned in "Public-Key Encryption," which begins on page 767, it's possible
to use your private key for encryption and your public key for decryption.
Although this is not desirable when you are encrypting sensitive information, it is a
crucial part of digitally signing any data. Instead of encrypting the data itself, the
signing software creates a one-way hash of the data, then uses your private key to
encrypt the hash. The encrypted hash, along with other information, such as the
hashing algorithm, is known as a digital signature.

Figure J-3 shows a simplified view of the way a digital signature can be used to
validate the integrity of signed data.

Figure J-3: Using a Digital Signature to Validate Data Integrity
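
The sign-then-verify flow described above can be traced in a few lines of Python. This is an added example, not code from the manual or the product: the key is a constructed, insecure demo key, the message strings are constructed, and the names `digest`, `sign` and `verify` are hypothetical. The verify side assumes the usual check of recomputing the hash and comparing it with the one recovered from the signature.

```python
import hashlib

# Constructed demo key (an assumption for illustration): both primes are
# publicly known Mersenne primes, so this key offers no security at all.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest(data: bytes, algorithm: str) -> int:
    """One-way hash of the data, returned as an integer smaller than N."""
    return int.from_bytes(hashlib.new(algorithm, data).digest(), "big")


def sign(data: bytes, algorithm: str = "sha256") -> dict:
    """Hash the data, then apply the private key to the hash only."""
    # Raw RSA is used to keep the mechanism visible; deployed signature
    # schemes also pad the hash (for example PKCS #1) before this step.
    encrypted_hash = pow(digest(data, algorithm), D, N)
    # The signature carries the hashing algorithm with the encrypted hash.
    return {"algorithm": algorithm, "encrypted_hash": encrypted_hash}


def verify(data: bytes, signature: dict, allowed=("sha256", "sha384", "sha512")) -> bool:
    """Recover the signer's hash with the public key and compare with a fresh hash."""
    algorithm = signature["algorithm"]
    if algorithm not in allowed:       # do not let the signature select a weak hash
        return False
    recovered = pow(signature["encrypted_hash"], E, N)
    return recovered == digest(data, algorithm)


ORIGINAL = b"Transfer 100 to account 12345"   # constructed sample message
TAMPERED = b"Transfer 900 to account 12345"   # same message, one character altered

if __name__ == "__main__":
    sig = sign(ORIGINAL)
    print("original verifies:", verify(ORIGINAL, sig))
    print("tampered verifies:", verify(TAMPERED, sig))
```

Because the hashing algorithm travels inside the signature, the verifier restricts it to an allow-list instead of trusting whatever value arrives.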
Appendix J, Introduction to Public-Key Cryptography: Digital Signatures (page 769)
