In this chapter, we’ve explored the first link in creating an authenticated and secure system: the message digest. The facility to calculate a message digest is straightforward and easy to use; the facility to write our own message digest class is equally straightforward.

The message digest by itself gives us some comfort about the state of the data it represents, but it does not give us a completely secure system. If we have a shared passphrase, we can construct a secure message digest (that is, a Message Authentication Code), but there are no easy means to share that passphrase. A MAC is similiar to a digital signature (where digital keys replace the passphrase); in the next few chapters, we’ll continue our exploration of the API to provide the necessary components of a digital signature, beginning with an exploration of the keys required to create a digital signature.