Unit 3 Section 6.4: Internet Security
Digital Signatures and Certificates
To prove that an electronic message is genuine, a sender can digitally sign the message. This means it can be detected if the message has been tampered with and the signature is proof that it has been sent by the correct person. Digital signatures use asymmetric encryption. The process to send a message is as follows:
1. A digest (also known as a hash) is produced from the message using a hash function. The digest is a much reduced version of the original message (it is not possible to change a message digest back into the original message from which it was created).
2. The digest is then encrypted using the sender’s private key. The sender’s private key must be used instead of the receiver’s public key to prove it has been encrypted by the sender. The resulting encrypted digest is the digital signature.
3. The encrypted digest (digital signature) is then appended to the original message.
4. The message and digital signature are then encrypted using the receiver’s public key. The receiver’s public key must be used here so that only the receiver can decrypt the message with their private key.
5. The encrypted message is then sent by electronic mail.
The process to verify that a message is genuine is as follows:
1. The message and signature are decrypted using the receiver’s private key.
2. The decrypted message is then separated into the original message and digital signature.
3. The digital signature (encrypted digest) is then decrypted using the sender’s public key. This proves it has been sent by the person who owns the private key.
4. A new digest is produced from the original message using the same hash function as the original digest.
5. The decrypted digest is then compared to the new digest. If the decrypted digest is the same as the new digest then the message has not been tampered with.
Although this process sounds complicated, it is all handled by the signing software, so messages can be signed and received using a simple click.
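The sending and verifying steps above, modelled in Python as an added example that is not part of the original slides. It assumes textbook RSA with no padding, SHA-256 as the hash function, and constructed demo keys built from publicly known Mersenne primes; all function and variable names are illustrative.

```python
import hashlib

E = 65537  # public exponent shared by both demo keys

def make_key(p, q):
    """Toy RSA key: modulus n, public exponent e, private exponent d."""
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

# Constructed demo keys from publicly known Mersenne primes: insecure by design.
SENDER = make_key(2**521 - 1, 2**607 - 1)
RECEIVER = make_key(2**1279 - 1, 2**2203 - 1)
SIG_LEN = (SENDER["n"].bit_length() + 7) // 8  # signature size in bytes

def digest(message: bytes) -> int:
    """Hash the message and return the digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Encrypt the digest with the sender's private key (the signature)."""
    return pow(digest(message), SENDER["d"], SENDER["n"])

def verify(message: bytes, signature: int) -> bool:
    """Decrypt the signature with the sender's public key, compare digests."""
    return pow(signature, SENDER["e"], SENDER["n"]) == digest(message)

def send(message: bytes) -> int:
    """Append the signature, then encrypt with the receiver's public key."""
    bundle = b"\x01" + message + sign(message).to_bytes(SIG_LEN, "big")
    m = int.from_bytes(bundle, "big")  # 0x01 marker preserves leading zeros
    if m >= RECEIVER["n"]:
        raise ValueError("message too long for this toy key")
    return pow(m, RECEIVER["e"], RECEIVER["n"])

def receive(ciphertext: int):
    """Decrypt with the receiver's private key, split, and verify."""
    m = pow(ciphertext, RECEIVER["d"], RECEIVER["n"])
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]  # drop marker
    message, sig = raw[:-SIG_LEN], raw[-SIG_LEN:]
    return message, verify(message, int.from_bytes(sig, "big"))

if __name__ == "__main__":
    msg = b"Pay Bob 10 pounds"  # constructed sample message
    text, genuine = receive(send(msg))
    print(text, genuine)
    print(verify(b"Pay Bob 90 pounds", sign(msg)))
```

Real signing software uses randomly generated keys and a padding scheme such as RSA-PSS rather than raw exponentiation; the code here only mirrors the steps listed on the slides.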
A digital certificate is issued by a certification authority. It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.