Digital Signatures
So far, we’ve been talking about various kinds of keyed ciphers, using symmetric and asymmetric keys, to allow us to encrypt and decrypt secret messages.
In addition to encrypting and decrypting messages, cryptosystems can be used to sign messages, proving who wrote the message and proving the message hasn’t been tampered with. This technique, called digital signing, is important for Internet security certificates, which we discuss in the next section.
Signatures Are Cryptographic Checksums
Digital signatures are special cryptographic checksums attached to a message. They have two benefits:
Signatures prove the author wrote the message. Because only the author has the author’s top-secret private key,[8] only the author can compute these checksums. The checksum acts as a personal “signature” from the author.
Signatures prevent message tampering. If a malicious assailant modified the message in-flight, the checksum would no longer match. And because the checksum involves the author’s secret, private key, the intruder will not be able to fabricate a correct checksum for the tampered-with message.
Digital signatures often are generated using asymmetric, public-key technology. The author’s private key is used as a kind of “thumbprint,” because the private key is known only by the owner.
Figure 14-10shows an example of how node A can send a message to node B and sign it:
Node A distills the variable-length message into a fixed-sized digest.
Node A applies a “signature” ...
Get HTTP: The Definitive Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
