digital signature

Answered Question
Mar 13th, 2010

Hi everybody.


It has been a long while since I last posted, when this site used to be Cisco Net Pro.



I was reading about digital signatures in my book.


Here is what my book says:


"First the information is put through a message digest or hash function. The hash function creates a checksum of the information. This checksum is then encrypted by user's private key. The information and the encrypted checksum are sent to the receiver of the information"




I just want to know if the information is also encrypted by the private key by the sender? My book does not hint about it. All it says is that the checksum is encrypted by the private key, which is then sent along with the information to the receiver. It is not clear if the information is also encrypted or not.



Thanks and have a nice weekend.

Correct Answer by Sean Merrow about 7 years 4 months ago

Hello,


Digital signature is not intended for confidentiality.  It is only intended for data integrity (the data has not been changed since it was signed) and for non-repudiation (somebody can't say that they didn't send you the data).  Therefore the data is not encrypted.  If you need confidentiality so that nobody with a network capture utility can see the data, then you would need to use encryption.


For digital signature, the sender (signer) signs the data with his/her private key and the receiver verifies the signature with the sender's public key.  If the checksum can be decrypted with the sender's public key, then it must have been encrypted using the sender's private key (non-repudiation).


For data encryption, the sender uses the receiver's public key to encrypt the data.  The only key that can now be used to decrypt the data is the receiver's private key.  Hence only the receiver can decrypt the data.


Hope this helps,

Sean

Overall Rating: 5 (1 ratings)
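
Added example, not part of the original posts: the book's three steps and the verification described in the answer, written in Python with textbook RSA. The key pair, the function names and the sample message are constructed for this illustration; the scheme has no padding, where real signatures use a padded scheme such as RSA-PSS.

```python
import hashlib

# Constructed toy key pair built from two well-known Mersenne primes,
# fixed so the example is deterministic. Not a usable key.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                              # modulus, part of both keys
E = 65537                              # public exponent (known to everyone)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (known to the signer only)


def digest(message: bytes) -> int:
    """Book step 1: hash the information into a fixed-size checksum."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Book step 2: transform the checksum with the sender's private key."""
    return pow(digest(message), D, N)


def send(message: bytes):
    """Book step 3: what goes on the wire. The message is sent unchanged,
    in the clear, next to the signature; only the checksum was transformed."""
    return message, sign(message)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: recover the checksum with the sender's public key and
    compare it with a freshly computed hash of the received message."""
    return pow(signature, E, N) == digest(message)


if __name__ == "__main__":
    msg, sig = send(b"Transfer 100 to Bob")       # constructed sample message
    print("on the wire, readable by anyone:", msg)
    print("signature verifies:", verify(msg, sig))
    print("tampered message verifies:", verify(b"Transfer 900 to Bob", sig))
```

Anyone capturing the traffic can read `msg`; confidentiality would need a separate encryption step with the receiver's public key, as the answer explains.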
Correct Answer
Sean Merrow Tue, 03/16/2010 - 08:08