Security Basics mailing list archives
Re: newbie: what does "sign the message digest" mean?
From: simonis () myself com
Date: 15 Jun 2006 15:34:22 -0000
Ravi,

In step one, a digest is created. But, this digest is of little use alone... it might as well be a checksum at this point. It does nothing to assure the recipient or the sender that the message itself has not been altered. If I intercept and change the message, all I need to do is recompute the digest and forward on.

So, how to fix this? The key (no pun!) is to use asymmetric cryptography. I can "sign" the message digest, that is, encrypt it with my private key. That forms a digital signature. Only the person in possession of my private key (assumed to be only myself) could have generated a message digest that is so encrypted.

The recipient can decrypt this with my public key. Then, they can recompute the message digest and recompare. If the two digests are the same, they know the message has not changed in transit.

I hope that clears things up. If not, you may want to re-read on public key (asymmetric) cryptography to clarify the relationship of the two keys in the pair.

-Ds
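The exchange described in the message above, as an added example that is not part of the original post: a bare digest survives tampering because anyone can recompute it, while a signed digest does not. It assumes textbook RSA without padding to mirror the post's wording, and a constructed, trivially factorable demo key; real systems use a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Constructed demo key (assumption): two Mersenne primes, trivially factorable.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """SHA-256 digest of the message as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def bare_digest_check(message: bytes, sent_digest: int) -> bool:
    """Step one only: recipient compares a fresh digest with the one sent."""
    return digest(message) == sent_digest


def sign(message: bytes) -> int:
    """Sender: transform the digest with the private key (textbook RSA)."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recipient: undo the transform with the public key, compare digests."""
    return pow(signature, E, N) == digest(message)


def demo() -> dict:
    original = b"transfer 10 units to account A"    # constructed sample
    tampered = b"transfer 9999 units to account B"  # constructed sample
    signature = sign(original)
    return {
        # Interceptor alters the message and simply recomputes the digest.
        "digest_only_accepts_tampered": bare_digest_check(tampered, digest(tampered)),
        "signature_accepts_original": verify(original, signature),
        # Interceptor forwards the old signature with the altered message.
        "old_signature_accepts_tampered": verify(tampered, signature),
        # Interceptor passes off a recomputed bare digest as the signature.
        "bare_digest_as_signature_accepted": verify(tampered, digest(tampered)),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```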