Security Basics mailing list archives
Re: newbie: what does "sign the message digest" mean?
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 15 Jun 2006 13:15:38 +0200
On 2006-06-14 Ravi Malghan wrote:
> A sender wants to send a message called "Message" securely
> 1. sender computes the message digest for "Message".
> 2. sender signs the message digest and attaches the resulting digital signature plus the certificate to the message. The result is Signed Message + Sender Certificate + Signature
> 3. sender then encrypts the result from step 2 with a random session key
> . . and so on
>
> What does the Step 2 mean. I understand what is computing a message digest.
> 1. But don't understand what is "signs the message digest".

You make a signature of the digest instead of a signature of the entire message.

> 2. How is "Signed Message" different from "Message"

A signed message is message + signature of the message.

> 3. What is a Signature?

A signature allows you to verify the integrity of a message, meaning that a) the message has not been altered by anyone and b) the message really comes from the person who claims to be the author.

Maybe this page will help: http://www.youdzone.com/signature.html

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
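Added example, not part of the original thread: steps 1 and 2 from the question and the receiver's check, using textbook RSA over a SHA-256 digest. The key pair, function names and dictionary layout are constructed for illustration; the certificate and the session-key encryption of step 3 are left out.

```python
import hashlib

# Constructed toy key pair (assumption for this example): both primes are
# Mersenne primes, so this key is NOT secure. Real signature schemes also pad
# the digest (PKCS#1 v1.5, PSS) before the private-key operation.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: modulus and exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """Step 1: compute the message digest (SHA-256), as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> dict:
    """Step 2: sign the digest and attach the signature to the message."""
    # The private-key operation is applied to the 32-byte digest only,
    # however long the message is.
    signature = pow(digest(message), D, N)
    return {"message": message, "signature": signature}


def verify(signed: dict) -> bool:
    """Receiver: undo the signature with the public key, compare digests."""
    recovered = pow(signed["signature"], E, N)
    return recovered == digest(signed["message"])


if __name__ == "__main__":
    signed = sign(b"Message")                      # message + signature
    print("untouched:", verify(signed))
    tampered = dict(signed, message=b"Message!")   # altered in transit
    print("tampered: ", verify(tampered))
```
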