| Cryptography |
| |
| Digital Signature |
| |
| We said that security provides four services in relation to a single message: privacy, authentication, integrity, and nonrepudiation. |
| |
| We have already discussed privacy. The other three can be achieved by using what is called a digital signature. |
| |
| The idea is similar to the signing of a document. When we send a document electronically, we can also sign it. |
| |
| We have two choices: We can sign the entire document, or we can sign a digest (condensed version) of the document. |
| |
| Signing the Whole Document |
| |
| Public-key encryption can be used to sign a document. However, the roles of the public and private keys are different here. |
| |
| The sender uses her private key to encrypt (sign) the message just as a person uses her signature to sign a paper document. |
| |
| The receiver, on the other hand, uses the public key of the sender to decrypt the message just as a person verifies from memory another person's signature. |
| |
| Signing the Digest |
| |
| We said before that public-key encryption is efficient if the message is short. Using public-key encryption to sign the entire message is very inefficient if the message is very long. |
| |
| The solution is to let the sender sign a digest of the document instead of the whole document. |
| |
| The sender creates a miniature version or digest of the document and signs it; the receiver then checks the signature on the miniature. |
| |
| To create a digest of the message, we use a hash function. The hash function creates a fixed-size digest from a variable-length message. |
| |