10.3. Digital Signatures

Once you have chosen a cryptographically sound hashing algorithm, you can use it to implement a digital signature system. Digital signature infrastructures have two distinct goals:

  • Digitally signed messages assure the recipient that the message truly came from the claimed sender, and they enforce nonrepudiation (that is, they preclude the sender from later claiming that the message is a forgery).

  • Digitally signed messages assure the recipient that the message was not altered while in transit between the sender and recipient. This protects against both malicious modification (a third party wanting to alter the meaning of the message) and unintentional modification (because of faults in the communications process, such ...
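The two goals above can be seen in a hash-then-sign sketch. This is an added example, not code from the book: it uses unpadded textbook RSA over a SHA-256 digest, and the key pairs, names (`ALICE_*`, `OTHER_*`) and helper functions are constructed for illustration only.

```python
import hashlib

# Constructed demonstration keys: textbook RSA built from Mersenne primes.
# Such moduli are trivially factorable and no padding is applied; real
# systems use a vetted library with RSA-PSS, ECDSA or Ed25519.
E = 65537


def make_keypair(p: int, q: int, e: int = E):
    """Return (public, private) as ((n, e), (n, d))."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)


def digest_int(message: bytes) -> int:
    """SHA-256 digest of the message as an integer (always below n here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender: transform the message digest with the private key."""
    n, d = private_key
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient: recover the digest with the public key and compare it
    with a digest computed over the message as received."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_int(message)


def flip_bit(message: bytes, index: int) -> bytes:
    """Model a transmission fault: invert one bit of the message."""
    data = bytearray(message)
    data[index // 8] ^= 1 << (index % 8)
    return bytes(data)


ALICE_PUB, ALICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**607 - 1, 2**1279 - 1)

if __name__ == "__main__":
    msg = b"Transfer 100 to account 42"  # constructed sample message
    sig = sign(msg, ALICE_PRIV)
    print("genuine message:   ", verify(msg, sig, ALICE_PUB))
    print("malicious edit:    ", verify(b"Transfer 900 to account 42", sig, ALICE_PUB))
    print("single-bit fault:  ", verify(flip_bit(msg, 3), sig, ALICE_PUB))
    print("signed by another: ", verify(msg, sign(msg, OTHER_PRIV), ALICE_PUB))
```

Only the first check succeeds: any change to the message changes its digest, and a signature produced with a different private key does not verify under the sender's public key.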
