Cryptography Reference
In-Depth Information
sends the resulting
c
to the receiver. The receiver uses the public key (
e
,
n
) to
“d e c r y p t ”
c
. If the decrypted value is exactly equal to
m
, the message is veri-
fi ed. The receiver is confi dent that it was truly sent by somebody with access to
the private key. Note that, in this scenario, anybody can read
m
— it is sent in
cleartext. In this case, you're just proving identity. Of course, this sort of
digital
signature
can be easily combined with encryption. The sender could encrypt the
request, sign the encrypted value, and send that on for the receiver to verify.
An eavesdropper could, of course, decrypt the signature, but all he would get
is the encrypted string, which he can't decrypt without the key.
There's another benefi t to this approach as well. If anything changed in
transit — due to a transmission error or a malicious hacker — the decrypted
value won't match the signature. This guarantees not only that the holder of the
private key sent it, but that what was received is
exactly
what was sent.
There's one problem with this approach to digital signatures, though. You've
essentially doubled, at least, the length of each message. And, as you recall from
the previous chapter, public key cryptography is too slow for large blocks of
information. In general, you use public key operations to encode a symmetric
key for subsequent cryptography operations. Obviously, you can't do this for
digital signatures; you're trying to prove that somebody with access to the pri-
vate key generated the message. What you need is a shortened representation of
the message that can be computed by both sides. Then the sender can encrypt
that using the private key, and the receiver can compute the same shortened
representation, decrypt it using the public key and verify that they're identical.
Using Message Digests to Create Secure Document
Surrogates
Such a shortened representation of a message is referred to as a
message digest
. The
simplest form of a message digest is a
checksum
. Given a byte array of arbitrary
length, add up the integer value of each byte (allowing the sum to overfl ow),
and return the total, for example, Listing 4-1.
Listing 4-1:
checksum
int checksum( char *msg )
{
int sum = 0;
int i;
for ( i = 0; i < strlen( msg ); i++ )
{
sum += msg[ i ];
}
Search WWH ::
Custom Search