Filter
Top Products
Cryptography Overview
58 RSA BSAFE Crypto-C Developer’s Guide
1. Alice and Bob compose a contract in digital format. The file can be in any form,
such as a word processing file or an ASCII file.
2. Each party digests the file and encrypts the digest with their private key.
3. That encrypted digest is their digital signature.
4. The contract now consists of the file and the two copies of the encrypted digest,
one using Alice’s private key, the other using Bob’s private key. Everyone gets
copies of this contract.
The digital signature can be used to verify the data at a later time. Suppose that Bob
produces a file that is different from Alice’s. To discover which copy has been altered:
1. Digest the new copy.
2. Decrypt each party’s encrypted digest with the corresponding public key.
3. Compare the new digest to the old one.
4. If one of the new digests does not match the old one, that is the altered file.
If a file has been altered, it will produce a different digest, because it is virtually
impossible to produce data that will digest to a given value. Even if someone
could manipulate the digest, it would be extremely difficult to produce data that
has value to anyone.
The digital signature can also be used to verify that a message came from a given
person. What if Bob claims Alice forged his digital signature on the original
document? He might say her copy of his encrypted digest is not the true version.
However, the digest was encrypted using Bob’s private key, to which only Bob has
access. Therefore, it is unlikely that Alice forged Bob’s signature.
The following example shows how to verify a message and its signature. Suppose you
have the following information:
• A message
• An entity who claims to have sent the message
• A block of data 96 bytes long that purports to be the encrypted digest
To verify the message and the sender:
1. Request the possible sender’s 768-bit (96-byte) RSA public key from a certification
authority.
2. Use that public key to decrypt the 96-byte block of data.
3. If the decryption process results in a 16-byte output, you can say it is a message
digest. There is a message that will digest to those 16 bytes, but you do not yet
know what it is.