Digital Signatures

Integrity is guaranteed in public-key systems by using digital signatures. A digital signature is a piece of data which is attached to a message and which can be used to determine whether the message was tampered with during transmission.

The digital signature for a message is generated in two steps.

First, a message digest is generated. A message digest is a “summary” of the message to be transmitted. It has two important properties: (1) it is always smaller than the message itself and (2) even the slightest change in the message produces a different digest. The message digest is generated using one of a set of hashing algorithms. For example:

% digest -a sha1 /var/log/syslog
61fafd21dcd3911998f561915f7ce8f10998fcdb

Here we use the digest(1) program to compute a sha1-style digest of the file /var/log/syslog. The resulting digest is the alphanumeric string shown.

Second, the computed message digest is encrypted using the sender’s private key. The resulting encrypted message digest is the digital signature.

The digital signature is attached (more on this soon) to the message that will be sent to the receiver. The receiver then performs the following three steps to verify that the message was not changed during transmission.

First, using the sender’s public key, the recipient decrypts the digital signature to obtain the message digest originally generated by the sender.

Second, using the same message digest algorithm originally used by the sender, the recipient generates another ...
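
The two signing steps and the receiver's check described above, as an added Python example that is not from the book. It assumes SHA-256 in place of the sha1 digest shown earlier and a toy, unpadded RSA key built from fixed Mersenne primes; the function names, keys and sample message are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by both demo keys

def make_key(p: int, q: int):
    """Return (public, private) toy RSA keys from two primes.
    Real keys use random primes and a padding scheme such as RSASSA-PSS."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest(message: bytes) -> int:
    """Fixed-size summary of the message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private) -> int:
    """Sender: compute the digest, then transform it with the private key."""
    n, d = private
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Receiver: recover the sender's digest with the public key,
    recompute the digest over the received message, compare the two."""
    n, e = public
    if not 0 <= signature < n:          # reject out-of-range values
        return False
    return pow(signature, e, n) == digest(message)

# Constructed demo keys (Mersenne primes, chosen only for reproducibility).
ALICE_PUB, ALICE_PRIV = make_key(2**521 - 1, 2**607 - 1)
OTHER_PUB, _ = make_key(2**607 - 1, 2**1279 - 1)

if __name__ == "__main__":
    msg = b"Subject: test\r\n\r\nMeet at noon.\r\n"   # constructed sample
    sig = sign(msg, ALICE_PRIV)
    print("untouched message:", verify(msg, sig, ALICE_PUB))
    print("tampered message: ", verify(msg.replace(b"noon", b"nine"), sig, ALICE_PUB))
    print("altered signature:", verify(msg, sig ^ 1, ALICE_PUB))
    print("wrong public key: ", verify(msg, sig, OTHER_PUB))
```

Only the first check prints True: a changed message, a changed signature, or a public key that does not match the signer's private key each make the recovered and recomputed digests differ.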
