Encryption and decryption address problems of eavesdropping, but they do not address tampering and impersonation. However, public-key cryptography does address the problems of tampering and impersonation.
You can use your private key for encryption and your public key for decryption. Although this is not desirable when you are encrypting sensitive data, it is an important part of digitally signing any data. Rather than encrypting the data itself, you can create a one-way hash of the data and then use your private key to encrypt the hash. The encrypted hash, along with other information such as the hashing algorithm, is known as a digital signature. Figure 1 shows a simplified view of how you can use a digital signature to validate the integrity of signed data.

Figure 1. Digital signature validating data integrity

Figure 1 shows the original data and the digital signature transferred to the recipient. The digital signature is basically a one-way hash (or message digest) of the original data, encrypted with the signer's private key. To validate the data's integrity, the recipient first uses the signer's public key to decrypt the digital signature. The recipient then uses the same hashing algorithm that generated the original hash to generate a new one-way hash of the same data. (Information about the hashing algorithm used is sent with the digital signature; this is not shown in the figure.) Finally, the recipient compares the two hash values. If they match, the data has not changed since it was signed. If the hashes do not match, the data may have been tampered with since it was signed, or the digital signature may have been created with a private key that does not correspond to the public key presented by the signer.

If the hashes match, the recipient can be assured that the public key used to decrypt the digital signature corresponds to the private key used to create it. Confirming the identity of the signer, however, also requires some way of confirming that the public key truly belongs to a particular person or other entity. That is the role of digital certificates and authentication.
You can compare the significance of a digital signature to that of your handwritten signature. Once you have signed data, it is difficult to deny doing so later, assuming that the private key was not compromised or out of the owner's control. Digital signatures therefore make it difficult for the signer to deny having signed the data.

The terms digital signature and electronic signature are sometimes confused or used interchangeably. While digital signatures are a form of electronic signature, not all electronic signatures are digital signatures. Electronic signatures (also called e-signatures) are any sound, symbol, or process that shows the intent to sign something. This could be a scan of your handwritten signature, a stamp, or a recorded verbal confirmation. An electronic signature could even be your typed name on the signature line of a document.

What is a digital signature?

A digital signature, a type of electronic signature, is a mathematical algorithm routinely used to validate the authenticity and integrity of a message (e.g., an email, a credit card transaction, or a digital document). Digital signatures create a virtual fingerprint that is unique to a person or entity and are used to identify users and protect information in digital messages or documents. In emails, the email content itself becomes part of the digital signature. Digital signatures are significantly more secure than other forms of electronic signatures.

Why would you use a digital signature?

Digital signatures increase the transparency of online interactions and develop trust between customers, business partners, and vendors.

How do digital signatures work?

Familiarize yourself with the following terms to better understand how digital signatures work:
Digital signatures work by proving that a digital message or document was not modified, intentionally or unintentionally, from the time it was signed. Digital signatures do this by generating a unique hash of the message or document and encrypting it using the sender's private key. The hash generated is unique to the message or document, and changing any part of it will completely change the hash. Once completed, the message or digital document is digitally signed and sent to the recipient. The recipient then generates their own hash of the message or digital document and decrypts the sender's hash (included in the original message) using the sender's public key. The recipient compares the hash they generate against the sender's decrypted hash; if they match, the message or digital document has not been modified and the sender is authenticated.

Why should you use PKI or PGP with digital signatures?

Using digital signatures in conjunction with PKI or PGP strengthens them and reduces the possible security issues connected to transmitting public keys, by validating that the key belongs to the sender and verifying the sender's identity. The security of a digital signature is almost entirely dependent on how well the private key is protected. Without PGP or PKI, proving someone's identity or revoking a compromised key is impossible; this could allow malicious actors to impersonate someone without any method of confirmation. Through the use of a trusted third party, digital signatures can be used to identify and verify individuals and ensure the integrity of the message. As paperless, online interactions are used more widely, digital signatures can help you secure and safeguard the integrity of your data. By understanding and using digital signatures, you can better protect your information, documents, and transactions.
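The sign-and-verify flow described above, as an added worked example that is not part of the original page: the signer hashes the data and "encrypts" the hash with the private key, the recipient "decrypts" it with the public key and compares against a freshly computed hash. It uses textbook RSA with constructed demonstration primes (far too small for real use) and reduces the hash into the modulus in place of the padding real schemes apply, and it exercises both failure modes the text names: tampered data and a signature made with a non-matching private key.

```python
import hashlib
from dataclasses import dataclass

def keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair: (public exponent, private exponent, modulus)."""
    return e, pow(e, -1, (p - 1) * (q - 1)), p * q   # pow(e, -1, m) needs Python 3.8+

# Constructed demonstration keys built from known Mersenne primes: large enough
# to run, far too small for real use.
SIGNER_E, SIGNER_D, SIGNER_N = keypair(2**61 - 1, 2**89 - 1)
OTHER_E, OTHER_D, OTHER_N = keypair(2**107 - 1, 2**127 - 1)

@dataclass(frozen=True)
class Signature:
    algorithm: str   # the hash algorithm travels with the signature, as the text notes
    value: int       # the hash "encrypted" with the signer's private key

def digest(data: bytes, algorithm: str, n: int) -> int:
    """One-way hash of the data as an integer below the modulus.
    Reducing mod n stands in for the padding (PKCS#1 v1.5 / PSS) real schemes use."""
    return int.from_bytes(hashlib.new(algorithm, data).digest(), "big") % n

def sign(data: bytes, d: int, n: int, algorithm: str = "sha256") -> Signature:
    # Signer: hash the data, then "encrypt" the hash with the private key.
    return Signature(algorithm, pow(digest(data, algorithm, n), d, n))

def verify(data: bytes, sig: Signature, e: int, n: int) -> bool:
    # Recipient: "decrypt" the signature with the public key to recover the
    # signer's hash, recompute the hash with the same algorithm, and compare.
    recovered = pow(sig.value, e, n)
    return recovered == digest(data, sig.algorithm, n)

MESSAGE = b"Transfer 100 credits to account 42"   # constructed sample data

def demo() -> dict:
    sig = sign(MESSAGE, SIGNER_D, SIGNER_N)
    return {
        # unchanged data, matching public key: the two hashes agree
        "intact": verify(MESSAGE, sig, SIGNER_E, SIGNER_N),
        # data altered after signing: the recomputed hash differs
        "tampered": verify(MESSAGE.replace(b"100", b"900"), sig, SIGNER_E, SIGNER_N),
        # signature made with a private key that does not match the presented public key
        "wrong_key": verify(MESSAGE, sign(MESSAGE, OTHER_D, OTHER_N), SIGNER_E, SIGNER_N),
    }

if __name__ == "__main__":
    print(demo())   # {'intact': True, 'tampered': False, 'wrong_key': False}
```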
What combines public key cryptography with a cryptographic hash?

Digital signature technology combines public key cryptography and cryptographic hashing: public key cryptography provides a way to prove your identity, and cryptographic hashing provides a way to guarantee that the information to which you attached your identity has not been modified.
How are digital signatures different from public key cryptography?

Digital signatures work through public key cryptography's two mutually authenticating cryptographic keys. The individual who creates the digital signature uses a private key to encrypt signature-related data, while the only way to decrypt that data is with the signer's public key.
Which type of cryptography is also called public key cryptography?

Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of related keys (one public key and one private key) to encrypt and decrypt a message and protect it from unauthorized access or use.
How is a digital signature used with a hash function to secure message authentication?

Hash functions are used to "digest" or "condense" a message down to a fixed size, which can then be signed, in a way that makes finding other messages with the same hash extremely difficult (so the signature won't apply easily to other messages).