Security Basics mailing list archives
RE: Digital signature Question
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 6 Nov 2003 12:48:24 -0800
The point of using a symmetric key and encrypting it using the private key is that you've got a lot of data to encrypt and using the asymmetric private key on it would take too long.

In the case of a digital signature, the digest you're encrypting is not much bigger than a symmetric key -- adding a symmetric key encrypted with the private key would add substantially to the volume of encrypted data without appreciably reducing the decrypt effort.

So while you certainly *could* do it that way, I wouldn't expect the usual reason for doing it to offer any payoff in this case.

David Gillett
-----Original Message-----
From: Roger A. Grimes [mailto:rogerg () cox net]
Sent: November 6, 2003 10:53
To: security-basics () securityfocus com
Subject: Digital signature Question

It's that time of the month again, when I gain weight, retain water, and feel stressed...it's time for me to bug the fine folks of this list with my seemingly monthly question about public/private crypto stuff. I've asked a few questions over the months and the excellent responses have been overwhelming. I always get my answer (and enough wrong replies to make me realize that I'm not the only one still trying to understand crypto even after ten years in the security field). So, thanks in advance to anyone who answers.

Main Question: When I hash a message to authenticate it, and then encrypt the hash result with a private key to make a digital signature, is the private key I'm using at that point (normally) a shared symmetric private key or my private key from my private/public key pair?

I see many web sites (ex. www.whatis.com, and many others saying) that a digital signature is made when the user uses their CA assigned private key to encrypt the hash result. But my understanding has always been that private/public key crypto exists mainly to transport the more secure shared symmetric private key that does the original signing/encrypting. Hence, I think the answer is that the message hash is signed by the shared symmetric private key and that key is then signed by the sender's private key from the sender's private/public key pair.

Am I correct? If so, when is the digital signature made? At what point...when it is signed by the symmetric private key or by the private key from the private/public key pair?

Roger

***************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE:Security (NT/2000/2003), CNE (3/4), A+
*email: rogerg () cox net
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of upcoming Honeypots for Windows (Apress)
***************************************************************
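An added example, not part of the original posts: it puts the usual signature (private-key operation on the digest) next to the layout proposed in the question (symmetric key on the digest, private key on the symmetric key) and counts bytes and private-key operations for each, which is the comparison the reply above makes. Assumptions: a constructed toy RSA key built from two Mersenne primes with no padding, HMAC-SHA256 standing in for "hash encrypted with the symmetric key", and hypothetical function names throughout.

```python
import hashlib
import hmac
import os

# Constructed toy key: two Mersenne primes, textbook RSA with no padding.
# Enough to count operations and bytes; real signatures use PSS or PKCS#1 v1.5.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
MOD_BYTES = (N.bit_length() + 7) // 8
private_ops = 0  # how many times the slow private-key operation ran

def rsa_private(value32):
    """Apply the private exponent to a 32-byte value (a digest or a key)."""
    global private_ops
    private_ops += 1
    return pow(int.from_bytes(value32, "big"), D, N).to_bytes(MOD_BYTES, "big")

def rsa_public(blob):
    """Undo rsa_private with the public exponent; returns the 32-byte value."""
    return pow(int.from_bytes(blob, "big"), E, N).to_bytes(MOD_BYTES, "big")[-32:]

def sign_direct(msg):
    """Usual signature: private-key operation on the message digest."""
    return rsa_private(hashlib.sha256(msg).digest())

def verify_direct(msg, sig):
    return hmac.compare_digest(rsa_public(sig), hashlib.sha256(msg).digest())

def sign_wrapped(msg):
    """Layout from the question: keyed digest under a fresh symmetric key k,
    then the private-key operation on k (it covers k, not the digest)."""
    k = os.urandom(32)
    return hmac.new(k, msg, hashlib.sha256).digest(), rsa_private(k)

def verify_wrapped(msg, tag, wrapped):
    k = rsa_public(wrapped)
    return hmac.compare_digest(hmac.new(k, msg, hashlib.sha256).digest(), tag)

def compare(msg):
    """(bytes sent, private-key operations) for each layout."""
    global private_ops
    private_ops = 0
    sig = sign_direct(msg)
    direct = (len(sig), private_ops)
    private_ops = 0
    tag, wrapped = sign_wrapped(msg)
    return {"direct": direct, "wrapped": (len(tag) + len(wrapped), private_ops)}
```

With this 1128-bit toy modulus, `compare()` reports 141 bytes and one private-key operation for the direct signature, and 173 bytes and one private-key operation for the wrapped layout, whatever the message length.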