crypto:asymmetric:signature

About

A digital signature is:

a hash of a message
created with a secret

Usage

Digital signature schemes are used for:

sender authentication (no one can impersonate the sender, it proves that the message came from a particular sender)
and non-repudiation (The sender cannot deny having sent the message)

Postal Analogy

An analogy for digital signatures is the sealing of an envelope with a personal wax seal. The message can be opened by anyone, but the presence of the unique seal authenticates the sender.

Key Usage

Asymmetric

In a asymmetric scheme (public key cryptography scheme), there is two keys:

the sender's private key signed the message (hash signatures are computed with the private key)
the sender's public key verifies the message (the receiver do it and it needs to know only the corresponding public key to verify the message)

An advantage of signing messages is that the public key and certificate are automatically send.

Symmetric

In a symmetric scheme, the same key is used to:

sign (create the hash)
verify (create the hash and verify that it's the same)

Example: JsonWebToken

Procedure

Signature

A signing algorithm given a message and a secret (private or shared key), produces a signature.

To sign a message, the sender

will compute the hash of the message with the secret
will add the encrypted hash (the signature) with the message.
will add its signed certificate to the message (in case of asymmetric scheme)

You can see an example of signature procedure with the issuing of certificate

Two ways

There are usually 2 ways to sign:

Signing method	Message Human Readable	Encryption difficulty
encapsulating the text message inside the signature (with delimiters)	Yes	Difficult
encoding the message altogether with the signature	no (message has been tampered with)	Simple (decryption with the embedded public key)

Verification

A signature verifying algorithm given a message, will either:

accepts: the signature hash is valid
or rejects: the signature hash is not valid)

the message's claim to authenticity:

The verification:

authenticate the sender. It proves that the sender had access to the shared or private key and is then a known sender
ensures that the message has not been altered. The signature is mathematically bound to the original message, the verification will fail for any other message (no matter how similar it is from the original one).

The recipient will:

recalculate the message hash,
decrypts the encrypted hash using:
- the public key stored in the signed certificate (asymmetric scheme)
- or the shared key (symmetric scheme)
check that both hash are equals
check the certificate (in case of asymmetric scheme)

¹⁾ ²⁾

¹⁾

wiki/Digital_signature

²⁾

http://tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html

Table of Contents

What is a Digital Signature? (Signing in Cryptography)