A digital signature is additional information accompanying a message (or other data) that can be used to authenticate the signer, as well as validate the integrity of the message. This is accomplished by applying the signer's private key to a digest of the message. (With RSA, the private-key operation is often described as "encrypting" the digest, and that is the mental model used throughout this post. Other signature schemes do not literally encrypt anything, but the idea is the same: only the private key can produce the signature, and anyone holding the matching public key can check it.)
Message digests are the result of a one-way hashing algorithm, such as SHA-256 (the older MD5 and SHA-1 are still widely seen, but practical collision attacks have been published for both, so they should not be used for new signatures). These algorithms are called "one-way" because it is considered computationally infeasible to reverse their results. That is, you won't be able to reverse a message digest back into the original plain text message. In fact, you won't even be able to derive a portion of the original message from the digest, even if you know which algorithm was used.
In addition to being irreversible, a good one-way hashing algorithm has two more important qualities: the result of the hash (the digest) changes dramatically if the original message changes even slightly, and it is computationally infeasible to find two different messages that result in the same digest. Such pairs, known as collisions, must exist, because there are infinitely many possible messages and only a fixed number of possible digests; the requirement is that nobody can find one on purpose. This matters for signatures specifically: if an attacker can produce two documents with the same digest, a signature obtained on the harmless one is also a valid signature on the other, which is exactly why MD5 and SHA-1 are no longer acceptable here.
Here are some
examples of similar
messages and their
SHA-1 digests:
Notice that the
digest changes
dramatically even
though the plain
text messages are
similar.
If you were to count
the number of
characters in the
digests above, you'd
see they're all the
same length. Fixed
length is yet
another property of
a message digest.
The length of the
plain text message
has no bearing on
the length of the
digest. If we were
to hash all the
letters of the
alphabet and then
hash the entire
works of William
Shakespeare, the
lengths of the two
digests would be
identical.
There is one more property of a hashing algorithm worth pointing out: a given plain text message will always result in the same digest (assuming you're using the same algorithm). Each time someone hashes the word "hello" using SHA-1, the result will always be aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d (the 160-bit digest, written out as 40 hexadecimal characters). It does not matter who performs the hash or on what system it is performed. As long as the message has not changed, the digest will not change. This property is what makes a digest useful for validating the integrity of data: anyone can recompute it and compare.
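To make the three properties above concrete (avalanche effect, fixed length, determinism), here is an added Python example; it is not part of the original post. It uses only the standard library's hashlib, a handful of constructed sample messages, and runs SHA-256 alongside SHA-1 so you can see the same properties in the algorithm you should actually be using today. The "entire works of Shakespeare" are stood in for by a constructed multi-megabyte string.

```python
import hashlib

# Constructed sample messages: near-identical inputs whose digests differ completely.
SIMILAR_MESSAGES = [
    "hello",
    "Hello",
    "hello.",
    "hello world",
]


def digest_hex(message: str, algorithm: str = "sha1") -> str:
    """Return the hex-encoded digest of a UTF-8 encoded message."""
    h = hashlib.new(algorithm)
    h.update(message.encode("utf-8"))
    return h.hexdigest()


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Count how many bits differ between two equal-length hex digests."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests must be the same length")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche_report(messages, algorithm="sha1"):
    """Digest each message and compare it, bit by bit, with the first one.

    Returns a list of (message, hex digest, bits differing from first digest).
    For a good hash, roughly half of the bits differ even for a one-character change.
    """
    base = digest_hex(messages[0], algorithm)
    report = []
    for m in messages:
        d = digest_hex(m, algorithm)
        report.append((m, d, bit_difference(base, d)))
    return report


def digest_lengths(algorithm="sha1"):
    """Show that digest length is independent of input length.

    Returns (digest length of the 26-letter alphabet, digest length of a long text).
    """
    short = digest_hex("abcdefghijklmnopqrstuvwxyz", algorithm)
    # Constructed stand-in for "the entire works of Shakespeare": a few MB of text.
    long_text = "To be, or not to be, that is the question. " * 50000
    long = digest_hex(long_text, algorithm)
    return len(short), len(long)


def is_deterministic(message, algorithm="sha1", rounds=3):
    """Hash the same message repeatedly; every digest must be identical."""
    digests = {digest_hex(message, algorithm) for _ in range(rounds)}
    return len(digests) == 1


if __name__ == "__main__":
    for algo in ("sha1", "sha256"):
        print(f"--- {algo} ---")
        for msg, d, bits in avalanche_report(SIMILAR_MESSAGES, algo):
            print(f"{msg!r:16} {d}  ({bits} bits differ from first)")
        print("digest lengths (hex chars):", digest_lengths(algo))
    print("deterministic:", is_deterministic("hello"))
```

Run it and you will see the 40-character SHA-1 and 64-character SHA-256 digests, the same length whether the input is 26 letters or several megabytes, and around half of the digest bits flipping when "hello" becomes "Hello".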
As mentioned
previously, a
digital signature is
a message digest
encrypted with a
private key (if
you're not familiar
with private keys,
check the
"Asymmetric
Encryption" post in
the Security Basics
forum). I'll use an
example to
demonstrate the
value of digital
signatures.
I want to send you an important email that, while not confidential, must reach you without being tampered with. In order to allow you to detect any tampering, I digitally sign the email. I accomplish this by using a one-way hashing algorithm to create a digest of my email. I then encrypt the digest with my private key. I send the plain text email to you, along with the digital signature (the encrypted digest). You decrypt the digest from the digital signature by using my public key. Next, you create your own digest of the email, using the same hashing algorithm, and compare it with the digest recovered from the signature.
If the digests match, you know the message has not been tampered with. If the message had been tampered with, even by a single character, the digest you created would differ from the digest I sent in the signature. Digital signatures provide a way to validate the integrity of a message.
If the digests match, you also know that I signed the message. Because decrypting the signature with my public key produced the correct digest, the signature must have been produced with the matching private key. As I am the only person with my private key, I must have signed the message. Digital signatures provide a way to authenticate the signer. Also, since nobody else could have signed the email, I cannot later deny having signed it. Digital signatures provide non-repudiation.
Both of these guarantees rest on two assumptions that are easy to overlook. First, you must have obtained a genuine copy of my public key: if an attacker can convince you that their public key is mine, their signatures will verify as "mine". This is the problem that certificates and out-of-band key fingerprints address. Second, my private key must never have been copied or stolen; a signature made with a compromised key is indistinguishable from one I made myself, which is why the private key must be protected far more carefully than anything it signs.
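The whole exchange described above, sign on my side and verify on yours, as an added Python example that is not part of the original post. It implements the post's own mental model literally: a "textbook" RSA private-key operation applied to a SHA-256 digest, with no padding, using only the standard library. Two things in it are deliberate simplifications and are assumptions of this demo rather than anything the post recommends: the keys are built from publicly known Mersenne primes (2**127-1, 2**521-1 for "my" key and 2**607-1, 2**89-1 for a constructed "attacker" key) instead of freshly generated random primes, and the digest is signed raw instead of being padded with PKCS#1 v1.5 or PSS as real implementations do. The email body is constructed sample text.

```python
import hashlib

# Toy keys built from well-known Mersenne primes. ASSUMPTION for a self-contained
# demo only: a real key uses freshly generated random primes of 1024+ bits each and
# is never built from numbers anyone can look up.
E = 65537


def make_key(p, q):
    """Return ((n, e), (n, d)) for primes p and q (textbook RSA key setup)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)            # modular inverse, Python 3.8+
    return (n, E), (n, d)


MY_PUBLIC_KEY, MY_PRIVATE_KEY = make_key(2**127 - 1, 2**521 - 1)
# Constructed "attacker" key: someone else's key pair, built the same toy way.
_, ATTACKER_PRIVATE_KEY = make_key(2**607 - 1, 2**89 - 1)


def digest_int(message: bytes) -> int:
    """SHA-256 digest of the message as an integer (256 bits, so always < n here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """'Encrypt' the digest with the private key.

    Textbook RSA without padding, as the post describes it. Real signature code
    pads the digest (PKCS#1 v1.5 or PSS) before this step; raw RSA on a bare
    digest has algebraic weaknesses and must not be used outside a demo.
    """
    n, d = private_key
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the digest with the public key and compare it to a fresh digest."""
    n, e = public_key
    if not 0 < signature < n:       # reject out-of-range values outright
        return False
    recovered = pow(signature, e, n)
    return recovered == digest_int(message)


# Constructed sample email from the post's scenario: not secret, but must not change.
EMAIL = b"Please wire the invoice total of 1,000 to the usual account.\n"


def demo():
    """Sign the email once, then try to verify it under four conditions."""
    sig = sign(EMAIL, MY_PRIVATE_KEY)
    return {
        # message and signature both as sent: integrity and origin check out
        "genuine": verify(EMAIL, sig, MY_PUBLIC_KEY),
        # one token changed in transit: digest no longer matches
        "tampered": verify(EMAIL.replace(b"1,000", b"9,000"), sig, MY_PUBLIC_KEY),
        # signature itself altered: decrypts to garbage, not the digest
        "forged_sig": verify(EMAIL, sig ^ 1, MY_PUBLIC_KEY),
        # signed by someone else's private key: my public key does not fit it
        "wrong_key": verify(EMAIL, sign(EMAIL, ATTACKER_PRIVATE_KEY), MY_PUBLIC_KEY),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:11} verify -> {ok}")
    print("email travels in the clear:", EMAIL.decode().strip())
```

Note that EMAIL is sent exactly as written; the signature sits beside it and nothing about it is hidden, which is the confidentiality point made next. The "wrong_key" case is the authentication property: a signature made with any other private key simply does not verify under my public key.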
Digital signatures do not provide confidentiality. That is, digitally signing a document does not encrypt it. Anyone who intercepts your digitally signed document can read it; the signature only lets them (and you) confirm who wrote it and that it is unchanged. Although it is perfectly okay to both encrypt and sign a message, it is important to understand the difference between the two operations and to be clear about which guarantee you actually need.