Certificates And Authentication - Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual


Certificates and Authentication

Figure J-3 shows two items transferred to the recipient of some signed data: the
original data and the digital signature, which is basically a one-way hash (of the
original data) that has been encrypted with the signer's private key. To validate the
integrity of the data, the receiving software first uses the signer's public key to
decrypt the hash. It then uses the same hashing algorithm that generated the
original hash to generate a new one-way hash of the same data. (Information about
the hashing algorithm used is sent with the digital signature, although this isn't
shown in the figure.) Finally, the receiving software compares the new hash against
the original hash. If the two hashes match, the data has not changed since it was
signed. If they don't match, the data may have been tampered with since it was
signed, or the signature may have been created with a private key that doesn't
correspond to the public key presented by the signer.

If the two hashes match, the recipient can be certain that the public key used to
decrypt the digital signature corresponds to the private key used to create the
digital signature. Confirming the identity of the signer, however, also requires
some way of confirming that the public key really belongs to a particular person or
other entity. For a discussion of the way this works, see the next section,
"Certificates and Authentication."

The significance of a digital signature is comparable to the significance of a
handwritten signature. Once you have signed some data, it is difficult to deny
doing so later, assuming that the private key has not been compromised or been out of
the owner's control. This quality of digital signatures provides a high degree of
nonrepudiation; that is, digital signatures make it difficult for the signer to deny
having signed the data. In some situations, a digital signature may be as legally
binding as a handwritten signature.
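
The validation steps described above, as an added example that is not part of the original manual: the receiver recovers the original hash with the signer's public key, rehashes the data, and compares. It uses unpadded "textbook" RSA with constructed keys to mirror the description (real systems use a vetted library with PKCS #1 padding); the names `SIGNER`, `OTHER`, `ALLOWED_ALGS` and the allow-list policy are assumptions made for illustration.

```python
import hashlib

# Verifier policy (assumption): the algorithm name travels with the signature,
# so the receiver must only honour algorithms it has chosen to trust.
ALLOWED_ALGS = {"sha256", "sha384"}

def make_key(p, q, e=65537):
    """Build a toy RSA key pair from two primes (no padding, teaching only)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return {"public": (e, n), "private": (d, n)}

# Constructed keys from well-known Mersenne primes; never use such keys for real.
SIGNER = make_key(2**521 - 1, 2**607 - 1)
OTHER = make_key(2**127 - 1, 2**521 - 1)

def hash_int(alg, data):
    """One-way hash of the data, as an integer smaller than the modulus."""
    return int.from_bytes(hashlib.new(alg, data).digest(), "big")

def sign(data, private_key, alg="sha256"):
    """Signature = hash of the data 'encrypted' with the private key."""
    d, n = private_key
    return {"alg": alg, "sig": pow(hash_int(alg, data), d, n)}

def verify(data, signature, public_key):
    """Recover the original hash, rehash the data, compare the two."""
    if signature["alg"] not in ALLOWED_ALGS:
        return False  # refuse algorithms outside the receiver's policy
    e, n = public_key
    original = pow(signature["sig"], e, n)    # 'decrypt' with the public key
    fresh = hash_int(signature["alg"], data)  # same algorithm, same data
    return original == fresh

def demo():
    data = b"Transfer 100 to account 42"  # constructed sample message
    sig = sign(data, SIGNER["private"])
    return {
        "intact": verify(data, sig, SIGNER["public"]),
        "tampered": verify(b"Transfer 900 to account 42", sig, SIGNER["public"]),
        "wrong_key": verify(data, sig, OTHER["public"]),
        "downgraded_alg": verify(data, {**sig, "alg": "md5"}, SIGNER["public"]),
    }

if __name__ == "__main__":
    print(demo())
```

A failed check looks the same to the receiver whether the data changed or the public key does not match the signing key, which is why the manual lists both as possible causes.
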

Certificates and Authentication

A Certificate Identifies Someone or Something
Authentication Confirms an Identity
How Certificates Are Used
Contents of a Certificate
How CA Certificates Are Used to Establish Trust

Netscape Certificate Manager System Administrator's Guide • June 2003
