Sunday, October 4, 2015

How does a digital signature work?

Digital signature process
Lisa creates her message in an email program, such as Microsoft Outlook. Once Microsoft
Outlook is configured, all she has to do is click a button to digitally sign the message. Here is what
happens when she clicks the button:
1. The application hashes the message.
2. The application retrieves Lisa’s private key and encrypts the hash using this private key.
3. The application sends both the encrypted hash and the unencrypted message to Bart.
When Bart’s system receives the message, it verifies the digital signature using the following
steps:
1. Bart’s system retrieves Lisa’s public key, which is in Lisa’s public certificate. In some
situations, Lisa may have sent Bart a copy of her certificate with her public key. In domain
environments, Bart’s system can automatically retrieve Lisa’s certificate from a network
location.
2. The email application on Bart’s system decrypts the encrypted hash with Lisa’s public key.
3. The application calculates the hash on the received message.
4. The application compares the decrypted hash with the calculated hash.
If the calculated hash of the received message is the same as the decrypted hash from the digital
signature, it validates several important checks:

Authentication. Lisa sent the message. The public key can only decrypt something encrypted
with the private key, and only Lisa has the private key. If the decryption succeeded, Lisa’s
private key must have encrypted the hash. On the other hand, if another key was used to
encrypt the hash, Lisa’s public key could not decrypt it. In this case, Bart will see an error
indicating a problem with the digital signature.

Non-repudiation. Lisa cannot later deny sending the message. Only Lisa has her private key
and if the public key decrypted the hash, the hash must have been encrypted with her private
key. Non-repudiation is valuable in online transactions.

Integrity. Because the hash of the sent message matches the hash of the received message, the
message has maintained integrity. It hasn’t been modified.

A digital signature is an encrypted hash of a message. The sender’s private key encrypts the hash of the message to create the digital signature. The recipient decrypts the hash with the sender’s public key. If successful, it provides authentication, non-repudiation, and integrity. Authentication identifies the sender. Integrity verifies the message has not been modified. Non-repudiation prevents senders from later denying they sent an email.

Source: Darril Gibson
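The sign-then-verify exchange described above, as an added Go example (not code from Gibson's book or from this post). It uses only Go's standard library: SHA-256 for step 1 on Lisa's side and RSA PKCS#1 v1.5 for "encrypting the hash with the private key", which is how that textbook phrase is actually realised in software. The Signer type, its methods and the Verify function are hypothetical names chosen for this example; the key pair is generated in code, where in practice Lisa's private key lives in her key store and her public key reaches Bart inside an X.509 certificate. The message strings are constructed sample data.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Signer plays Lisa's role: it holds the private key and produces the
// "encrypted hash" that travels alongside the unencrypted message.
type Signer struct {
	priv *rsa.PrivateKey
}

// NewSigner generates a fresh RSA key pair (hypothetical helper; in a real
// deployment the key comes from the user's certificate store, not from code).
func NewSigner(bits int) (*Signer, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	return &Signer{priv: priv}, nil
}

// PublicKey is the part Lisa's certificate would carry to Bart.
func (s *Signer) PublicKey() *rsa.PublicKey { return &s.priv.PublicKey }

// Sign performs steps 1 and 2 of the signing process: hash the message,
// then apply the private key to the (padded) hash. The result is the
// digital signature; the message itself is sent in the clear beside it.
func (s *Signer) Sign(message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPKCS1v15(rand.Reader, s.priv, crypto.SHA256, digest[:])
}

// Verify performs steps 2-4 on Bart's side: recompute the hash of the
// received message and check it against the hash recovered from the
// signature using the sender's public key. A nil error means the
// authentication and integrity checks both passed for this key; any
// other key or any change to the message yields an error.
func Verify(pub *rsa.PublicKey, message, signature []byte) error {
	digest := sha256.Sum256(message)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], signature)
}

func main() {
	lisa, err := NewSigner(2048)
	if err != nil {
		panic(err)
	}

	// Constructed sample message from Lisa to Bart.
	msg := []byte("Bart, please approve invoice 1042.")
	sig, err := lisa.Sign(msg)
	if err != nil {
		panic(err)
	}

	// Genuine message, Lisa's public key: verification succeeds (prints <nil>).
	fmt.Println("genuine message: ", Verify(lisa.PublicKey(), msg, sig))

	// Integrity failure: one digit changed in transit, same signature.
	tampered := []byte("Bart, please approve invoice 9042.")
	fmt.Println("tampered message:", Verify(lisa.PublicKey(), tampered, sig))

	// Authentication failure: Bart tries someone else's public key, which
	// cannot "decrypt" a hash encrypted with Lisa's private key.
	other, err := NewSigner(2048)
	if err != nil {
		panic(err)
	}
	fmt.Println("wrong public key:", Verify(other.PublicKey(), msg, sig))
}
```

Two points the code makes concrete: the signature is computed over the hash, not the message, so the same fixed-size operation covers a one-line note or a large attachment; and a verification error does not say whether the message or the key was the problem, which is why Bart's email client simply reports "a problem with the digital signature". The example takes the public key as given; a real client additionally validates the certificate that delivers it.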
