Some public-key algorithms can be used to generate digital
signatures. A digital signature is a small amount of data that
was created using some secret key, and there is a public key that
can be used to verify that the signature was really generated using
the corresponding private key. The algorithm used to generate the
signature must be such that without knowing the secret key it is not
possible to create a signature that would verify as valid.

Digital signatures are used to verify that a message really
comes from the claimed sender (assuming only the sender knows the
secret key corresponding to his/her public key). They can also be
used to timestamp documents: a trusted party signs the
document and its timestamp with his/her secret key, thus testifying
that the document existed at the stated time.

Digital signatures can also be used to testify (or certify) that a
public key belongs to a particular person. This is done by signing
the combination of the key and the information about its owner by a
trusted key. The digital signature by a third party (owner of the
trusted key), the public key and information about the owner of the
public key are often called certificates.

The reason for trusting that third party key may again be that it was signed by
another trusted key. Eventually some key must be a root of
the trust hierarchy (that is, it is not trusted because it was
signed by somebody, but because you believe a priori that the key
can be trusted). In a centralized key infrastructure there
are very few roots in the trust network (e.g., trusted government
agencies; such roots are also called certification
authorities). In a distributed infrastructure there need
not be any universally accepted roots, and each party may have
different trusted roots (such as the party's own key and any keys
signed by it). This is the web of trust concept used in, e.g.,
PGP.

A digital signature of an arbitrary document is
typically created by computing a message digest from the
document, and concatenating it with information about the signer, a
timestamp, etc. The resulting string is then encrypted with the
private key of the signer using a suitable algorithm. The resulting
encrypted block of bits is the signature. It is often
distributed together with information about the public key that was
used to sign it. To verify a signature, the recipient first
determines whether it trusts that the key belongs to the person it
is supposed to belong to (using the web of trust or a priori
knowledge), and then decrypts the signature using the public key of
the person. If the signature decrypts properly and the information
matches that of the message (proper message digest etc.), the
signature is accepted as valid.

Several methods for making
and verifying digital signatures are freely available. The most
widely known algorithm is RSA.
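
As an added illustration (not code from the original page), the sketch below follows the signing and verification steps described above using unpadded textbook RSA and SHA-256 with a fixed toy key; deployed systems use a padding scheme such as RSASSA-PSS instead. The function names, the 0x01 marker byte, the "signer|timestamp" layout and the sample values are assumptions made for the example, and the public key is assumed to be already trusted.

```python
import hashlib
import hmac

# Constructed toy key: two Mersenne primes, so the demo needs only the stdlib.
# Never use such primes, or unpadded RSA, for real signatures.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                       # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent

def build_block(message: bytes, signer: str, timestamp: str) -> bytes:
    """0x01 marker || SHA-256 digest of the message || 'signer|timestamp'."""
    digest = hashlib.sha256(message).digest()
    return b"\x01" + digest + f"{signer}|{timestamp}".encode()

def sign(message: bytes, signer: str, timestamp: str) -> int:
    """Apply the private-key operation to the block; the result is the signature."""
    block = int.from_bytes(build_block(message, signer, timestamp), "big")
    if block >= N:
        raise ValueError("signed block does not fit in the modulus")
    return pow(block, D, N)

def verify(message: bytes, signature: int, expected_signer: str):
    """Return the signed timestamp if the signature is valid, else None."""
    if not 0 < signature < N:
        return None
    recovered = pow(signature, E, N)      # public-key operation
    raw = recovered.to_bytes((recovered.bit_length() + 7) // 8, "big")
    if len(raw) < 33 or raw[0] != 1:      # did not "decrypt properly"
        return None
    digest, meta = raw[1:33], raw[33:]
    if not hmac.compare_digest(digest, hashlib.sha256(message).digest()):
        return None                       # message digest mismatch
    try:
        signer, timestamp = meta.decode().split("|", 1)
    except (UnicodeDecodeError, ValueError):
        return None
    return timestamp if signer == expected_signer else None

if __name__ == "__main__":
    msg = b"Pay 10 units to Bob"          # constructed sample message
    sig = sign(msg, "alice", "2024-01-01T00:00:00Z")
    print(verify(msg, sig, "alice"))                      # untouched message
    print(verify(b"Pay 99 units to Bob", sig, "alice"))   # tampered message
```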