Digital Signatures
Problem:
Bob wants to verify the integrity of the message received from Alice
Solution:
Alice "signs" the message and sends the digital signature
to Bob:
- Alice computes the SHA digest of the message and encrypts the digest
with her private key. The encrypted digest is called the digital signature
of the message.
- Alice sends the message and the digital signature to Bob.
- Bob receives the message and the digital signature. He decrypts the
digital signature using Alice's public key. After that he computes the
digest of the received message and compares it with the decrypted value. If the two digests are
equal, Bob is sure that the message was not altered during transmission
and that Alice is the person who signed the message.
Public Key Certificates
Problem:
How does Alice know Bob's public key?
Solutions:
- Alice and Bob use a secure channel to get the public key;
- Bob sends to Alice his Public-Key Certificate. Other names for
certificates are: digital IDs, digital passports, digital certificates;
A certificate contains:
- subject's distinguished name (DN). Example: C=US, O=VeriSign, CN=John
Smith; this is the X.500 naming system for persons;
- subject's RSA public key;
- issuer's distinguished name: C=US, O=VeriSign, CN=VeriSign Class 1
- validity period;
- serial number;
- issuer's signature;
How does Alice verify the certificate?
- computes the hash of the certificate (excluding the signature);
- decrypts the signature using the public key of the issuer;
- compares the computed hash value with the decrypted value; they must
be the same;
How does Alice know the public key of the issuer?
- it is a well-publicized public key;
- she uses another certificate, issued for the issuer itself; this leads to certificate chains,
certificate authorities and the public-key infrastructure;