Security Basics mailing list archives

Re: newbie: what does "sign the message digest" mean?


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 15 Jun 2006 13:15:38 +0200

On 2006-06-14 Ravi Malghan wrote:
> A sender wants to send a message called "Message" securely
>
> 1. sender computes the message digest for "Message".
> 2. sender signs the message digest and attaches the resulting digital
> signature plus the certificate to the message. The result is Signed
> Message + Sender Certificate + Signature
> 3. sender then encrypts the result from step 2 with a random session
> key
> .
> .
> and so on
>
> What does Step 2 mean? I understand what computing a message
> digest is.
> 1. But I don't understand what "signs the message digest" is.

You make a signature of the digest instead of a signature of the entire
message.

> 2. How is "Signed Message" different from "Message"?

A signed message is message + signature of the message.

> 3. What is a Signature?

A signature allows you to verify the integrity of a message, meaning
that a) the message has not been altered by anyone and b) the message
really comes from the person who claims to be the author.

Maybe this page will help:

  http://www.youdzone.com/signature.html

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
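
Steps 1 and 2 from the question, and the check the receiver performs, as an added example that is not part of the original thread. It assumes textbook RSA without padding and a toy key built from two constructed Mersenne primes so it runs with the standard library only; real signatures use a padded scheme such as RSASSA-PSS from a vetted library, and all function names here are illustrative.

```python
import hashlib

# Toy key pair (constructed for illustration): two Mersenne primes.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                                   # public modulus
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """Step 1: compute the message digest (SHA-256) as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Step 2: apply the private key to the digest, not to the whole message."""
    return pow(digest(message), D, N)


def signed_message(message: bytes) -> dict:
    """Message + signature + the sender's public key (stand-in for a certificate)."""
    return {"message": message, "signature": sign(message),
            "certificate": {"n": N, "e": E}}


def verify(bundle: dict) -> bool:
    """Receiver: recover the signed digest with the public key and compare
    it to a digest freshly computed over the received message."""
    cert = bundle["certificate"]
    recovered = pow(bundle["signature"], cert["e"], cert["n"])
    return recovered == digest(bundle["message"])


if __name__ == "__main__":
    bundle = signed_message(b"Message")
    print("original verifies:", verify(bundle))

    # Any change to the message changes its digest, so the check fails.
    altered = dict(bundle, message=b"Message!")
    print("altered message verifies:", verify(altered))

    # A signature not produced with the private key does not match either.
    forged = dict(bundle, signature=(bundle["signature"] + 1) % N)
    print("altered signature verifies:", verify(forged))
```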

