Security Basics mailing list archives

Re: newbie: what does "sign the message digest" mean?


From: "Aaron Rohyans" <aaronr () imcu com>
Date: Wed, 14 Jun 2006 20:23:22 -0600

Basically, here's what happens when you send a message using Digital Signatures/Certificates:

1. I take my message and run it through a hashing algorithm (such as MD5) to form a "digest."
2. Every device that communicates using Digital Signatures/Certificates has two different certificates: a Public Certificate and a Private Certificate. The private certificate is NEVER shared. Once I run my message through the hash and obtain my "digest," I append my signature to it. My signature is a HASH of my Private Certificate. Along with the digest and my hashed signature, I also include my Public Certificate. Here is an example:

SENDER:
Step 1.  Message123---->Hash---->M1ess2age3 (digest)
Step 2.  Private Certificate---->Hash---->ada23d3e (signature)
Step 3.  M1ess2age3 (digest) + ada23d3e (signature) = M1ess2age3ada23d3e
Step 4.  M1ess2age3ada23d3e + Public Certificate---->Encrypted
Step 5.  Sent to Recipient

RECEIVER:
Step 1.  Encrypted Message is unencrypted using session key
Step 2.  Use Public Certificate from sender to verify that ada23d3e (signature) is valid.
Step 3.  Use session key to "unhash" message if source is valid.

3.  When the receiving device gets my message, it uses my Public Certificate to "unhash" my signature and verify that 
the message is truly from me.  Once the message source is verified, the receiving device can then begin decoding the 
rest of the message.

Does that help?
Aaron


---------- Original Message ----------------------------------
From: Ravi Malghan <rmalghan () yahoo com>
Date:  Wed, 14 Jun 2006 08:07:27 -0700 (PDT)

Hi: I am very new to cryptography. I am reading a book and do not seem to understand the meaning of "sign the message digest" even after reading the chapter several times. Below is what the book describes:

A sender wants to send a message called "Message" securely.

1. sender computes the message digest for "Message".
2. sender signs the message digest and attaches the resulting digital signature plus the certificate to the message. The result is Signed Message + Sender Certificate + Signature
3. sender then encrypts the result from step 2 with a random session key
.
.
and so on

What does Step 2 mean? I understand what computing a message digest is.
1. But I don't understand what "signs the message digest" means.
2. How is "Signed Message" different from "Message"?
3. What is a Signature?
Can someone explain?

Thanks
Ravi
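As an added illustration of the book's step 2 quoted above (example code written for this page, not from either poster): "signing the digest" means applying the sender's private key to the digest, and the receiver checks the result with the matching public key. Textbook RSA over constructed toy primes is assumed here; real implementations use padded RSA (PKCS#1 v1.5 or PSS) or ECDSA/Ed25519 with randomly generated keys.

```python
import hashlib

# Constructed toy RSA key pair, an assumption for this example: Mersenne primes are
# publicly known, so this key is not secret. Real keys use random primes of 1024+ bits.
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+ modular inverse)


def digest(message):
    """Book step 1: hash the message; returned as an int so RSA can operate on it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, d=D, n=N):
    """Book step 2: 'sign the digest' = apply the PRIVATE exponent to the digest.
    Only the holder of d can produce this value; the message itself is unchanged."""
    return pow(digest(message), d, n)


def verify(message, signature, e=E, n=N):
    """Receiver: apply the PUBLIC exponent to the signature, which undoes the private
    operation, and compare with a digest recomputed locally from the received message."""
    return pow(signature, e, n) == digest(message)


def signed_message(message):
    """'Signed Message' = the original message plus its signature; the text is not altered."""
    return message, sign(message)


def demo():
    msg = b"Message"                        # constructed sample message
    text, sig = signed_message(msg)
    ok = verify(text, sig)                  # True: recomputed digest matches
    tampered = verify(b"Message!", sig)     # False: any change alters the digest
    return ok, tampered


if __name__ == "__main__":
    print(demo())
```

The certificate the book mentions carries the public key (E, N) together with the sender's identity, so the receiver can tell whose key it is verifying against.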
