16.2 Digital Signatures By: John Barton

Upload: ira-haynes

Post on 25-Dec-2015


16.2 Digital Signatures

By: John Barton


What is a Digital Signature?

• The concept comes from the idea of a document being signed by its author (authenticating it).

• When you send a document electronically, you can also sign it, and that is called a Digital Signature.

• A Digital Signature provides security to the author of the document because the signature provides integrity, authentication, and nonrepudiation (the author cannot deny his/her signature later).


The Two Forms of Digital Signatures Are…

• Signing the Whole Document

• Signing the Digest


Signing the Whole Document

• When Bob wishes to send a document, he first encrypts the message with his private key.

• Then Bob sends the ciphered text to the recipient, who uses the public key to decrypt it.

• After decryption, the document can be read as Bob first sent it.

[Figure: Bob, with Bob's public key and Bob's private key]


Keys

• Bob has two parts to signing the whole document, a public key and a private key.

• He keeps the private key for himself.

• He can then give out the public key to… well, as you might have guessed, the public… so smart, these computer guys.

• In this example Susan is using her public key to send Bob a message.

[Figure: the message "Hey Bob, how about lunch at Taco Bell. I hear they have free refills!" is turned into the ciphertext "HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A", and the same ciphertext is then turned back into the original message.]


Problems with Signing the Whole Document

• The process is very inefficient.

• You cannot use any secret keys.

• This method does not provide any secrecy, because anyone can use the public key to read a message.

[Figure: Bob's co-workers Pat, Doug and Susan. Anyone can get Bob's Public Key, but Bob keeps his Private Key to himself.]


Signing the Digest

• The sender of a digest makes a miniature form of the document and signs it.

• To create the digest, hash functions are employed.

• Hash functions take documents of any size and fix their lengths at either a 128-bit digest or a 160-bit digest.


Properties of Hash Functions to Guarantee Success

• Hashing should be one way: the digest can only be created from the message, not vice versa.

• Hashing should only be one-to-one.


Mission Control… Message Sent

• Check out the diagrams on pg 313 and 314 to follow along better.

• Bob sends a message.

• The message gets hashed; it becomes a digest.

• The digest becomes encrypted using Bob’s private key… the encrypted message is now considered a signed digest.

• The total package is known as the Message Plus Signed Digest.


Roger That… Message Received

• The Message Plus Signed Digest is received by the recipient's computer and split into two parts… to ensure the message’s privacy.

• There is the decrypted part and the hashed part.

• Both become digests and are then compared.

• If they are the same, the privacy is ensured and Bob is happy.
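
The send and receive steps above, as an added example that is not part of the original slides: Bob hashes the message and signs the digest, and the recipient compares the digest recovered from the signature with one recomputed from the received message. The key (two Mersenne primes), the unpadded RSA and the choice of SHA-256 are assumptions made so the example is self-contained; real systems use a vetted library with a padded signature scheme.

```python
import hashlib

# Toy key, constructed for this example only: two Mersenne primes and
# unpadded ("textbook") RSA. Never use such a key or scheme in practice.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                            # public modulus
E = 65537                            # Bob's public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # Bob's private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """Hash a message of any length to a fixed-size digest (SHA-256 assumed)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sender: hash the message, then apply the private key to the digest."""
    return pow(digest(message), D, N)


def verify(message: bytes, signed_digest: int) -> bool:
    """Recipient: recover one digest with the public key, recompute the
    other from the received message, and compare the two."""
    recovered = pow(signed_digest, E, N)
    return recovered == digest(message)


def demo() -> dict:
    message = b"Lunch at noon. -- Bob"           # constructed sample message
    package = (message, sign(message))           # message plus signed digest
    altered = message.replace(b"noon", b"nine")  # changed in transit
    return {
        "intact": verify(*package),
        "altered_message": verify(altered, package[1]),
        "altered_signature": verify(message, package[1] ^ 1),
    }


if __name__ == "__main__":
    print(demo())
```

The signed digest stays below the modulus however long the message is, which is why signing the digest is cheaper than signing the whole document.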


In Conclusion

• Signing Two Ways – Whole or Digest

• Two Types of Key - Public or Private

• Hashing – (slows down Bob’s reaction time) but it speeds up the process of signing a digest.

• When Everything Goes Right

• BOB IS HAPPY
