Re: Digital signature Question

[Florian Streck <streck () papafloh de>]

On Thu, Nov 06, 2003 at 12:53:02PM -0600, Roger A. Grimes wrote:
> It's that time of the month again, when I gain weight, retain water, and
> feel stressed...it's time for me to bug the fine folks of this list with my
> seemingly monthly question about public/private crypto stuff.  I've asked a
> few questions over the months and the excellent responses have been
> overwhelming.  I always get my answer (and enough wrong replies to make me
> realize that I'm not the only one still trying to understand crypto even
> after ten years in the security field).  So, thanks in advance to anyone who
> answers.
>
> Main Question:  When I hash a message to authenticate it, and then encrypt
> the hash result with a private key to make a digital signature, is the
> private key I'm using at that point (normally) a shared symmetric private
> key or my private key from my private/public key pair?
>
> I see many web sites (ex. www.whatis.com, and many others saying) that a
> digital signature is made when the user uses their CA assigned private key
> to encrypt the hash result.  But my understanding has always been that
> private/public key crypto exists mainly to transport the more secure shared
> symmetric private key that does the original signing/encrypting.

First important fact is that symetric algorithms ( at least the ones in
use) are much faster than asymetric ones AFAIK.
If I want to sign a hash there is very little data to be signed so there
is not much time to be saved. That means there is no reason to use a
symetric key, that would have to be transported to the destination in a
secure way (asuming that I haven't sent my mailing partner a CD or
Floppy with the key) which would require to encrypt that key with the
public part of the asymetric key of my partner. 
My conclusion, without knowing if it really is implemented that
way (but hoping): Signing is done with your private key from your
private/public keypair.

Another thing is encrypting mails. Since you might have a very long mail
it makes sense to use a fast algorithm, which means a symetric one.
Therefore you generate a key for that symetric algorithm, encrypt the
mail, and then, encrypt that symetric key with the public key of the
recipient. So the slow asymetric method is used on very little data.
Another effect is that you might want to send your encrypted mail to a group of
people and the additional work is just to encrypt that symetric key for
every recipient. This makes the process very fast compared to the
variant where you have to encrypt the mail with a different public key
for every recipient.

I hope I could help you with my answer. And if I got it wrong I hope
that there is a crypto-guru on this list to correct my errors.

Florian Streck

-- 
FORTUNE'S RULES TO LIVE BY: #23
        Don't cut off a police car when making an illegal U-turn.

Attachment: _bin
Description: