16.2 digital signatures by: john barton. what is a digital signature? the idea comes from the idea...
TRANSCRIPT
16.2 Digital Signatures
By: John Barton
What is a Digital Signature?
• The idea comes from the idea of signing a document by its author (authenticating it).
• When you send a document electronically you can also sign it and that is called a Digital Signature.
• A Digital Signature provides security to the author of the document because the signature represents his/her integrity, authentication, and the document becomes nonrepudiation (the author cannot denying his/her signature later).
The Two Forms of Digital Signatures Are…
• Signing the Whole Document
• Signing the Digest
Signing the Whole Document
• When Bob wishes to send a document he first encrypts the message with his private key
• Then Bob sends the ciphered text to the recipient who uses the public key to decrypt it.
• After decryption the document can be read as Bob first sent it.
Bob
(Bob's public key)
(Bob's private
key)
Keys
• Bob has two parts to signing the whole document, a public key and a private key.
• He keeps the private key for himself
• He can then give out the public key… well as you might have guessed the public… so smart these computer guys.
• In this example Susan is using her public key to send Bob a message.
"Hey Bob, how about lunch at Taco Bell. I hear they have free refills!"
HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A
HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A
"Hey Bob, how about lunch at Taco Bell. I hear they have free refills!"
Problems with Signing the Whole Document
• The process is very inefficient.
• You cannot use any secret keys.
• This method does not provide any secrecy, because anyone can use the public key to read a message.
Bob's Co-workers:
Anyone can get
Bob's Public Key, but Bob keeps his
Private Key to himself
Pat Doug Susan
Signing the Digest
• The sender of a digest makes a miniature form of the document and signs it.
• To create the digest hash functions are employed.
• Hash Functions take any sized documents and fix their
lengths at either a 128-bit digest or a 160-bit digest.
Properties of Hash Functions to Guarantee Success
• Hashing should be one way, the digest can only be created form the message not vice versa.
• Hashing should only be one-to-one.
Mission Control… Message Sent• Check out the Diagrams on pg 313 and 314
to follow along better
• Bob sends a message.
• The message gets hashed, it becomes a digest.
• The digest becomes encrypted using Bob’s private key…the encrypted message is now considered a signed digest.
• The total package is known as a the Message Plus Signed Digest.
Roger That…Message Received• The Message Plus Signed Digest is received
by the recipient's computer and split into two parts…to ensure the message’s privacy.
• There is the decrypted part and the hashed part.
• Both become digests and then compared.• If they are the same the privacy is ensured
and Bob is happy.
In Conclusion
• Signing Two Ways – Whole or Digest
• Two Types of Key - Public or Private
• Hashing – (slows down Bob’s reaction time) but it speeds up the process of signing a digest.
• When Everything Goes Right
• BOB IS HAPPY
Bob