Home page logo

basics logo Security Basics mailing list archives

Re: Digital signature Question
From: Francisco Andrades <fandrades () nextj com>
Date: Fri, 07 Nov 2003 10:22:26 -0400

Roger A. Grimes wrote:
It's that time of the month again, when I gain weight, retain water, and
feel stressed...it's time for me to bug the fine folks of this list with my
seemingly monthly question about public/private crypto stuff.  I've asked a
few questions over the months and the excellent responses have been
overwhelming.  I always get my answer (and enough wrong replies to make me
realize that I'm not the only one still trying to understand crypto even
after ten years in the security field).  So, thanks in advance to anyone who

Main Question:  When I hash a message to authenticate it, and then encrypt
the hash result with a private key to make a digital signature, is the
private key I'm using at that point (normally) a shared symmetric private
key or my private key from my private/public key pair?

As you mention there are two main ways to digitally sign a message:

1.- You create a hash of the message and then encrypt it with your private key (this is the signature).

2.- You create a hash of the message, generate a random symmetric key, encrypt the hash using this random session key (this is the signature), encrypt the session key with your private key and attach it to the message.

The first method should never be used, since the same message will always produce the same signature. The second method is a little more secure, but then again the same message and the same private session key will produce the same signature, allowing someone to recycle messages. If this is a concern for your system (and not always it's a concern) you have a few options:

* Use a random padding provided by the receiver.

* Use a timestamp. You attach the timestamp to the message *before* calculating the hash, but then again, the recipient must check the timestamps since a message could be reused.

* Use a random session key provided by the recipient (or provided by the key agreement protocol used).

I see many web sites (ex. www.whatis.com, and many others saying) that a
digital signature is made when the user uses their CA assigned private key
to encrypt the hash result.  But my understanding has always been that
private/public key crypto exists mainly to transport the more secure shared
symmetric private key that does the original signing/encrypting.

Hence, I think the answer is that the message hash is signed by the shared
symmetric private key and that key is they signed by the sender's private
key from the sender's private/public key pair.  Am I correct?

If so, when is the digital signature made?  At what point...when it is
signed by the symmetric private key or by the private key from the
private/public key pair?

The digital signature should be the hash of the plaintext message encrypted with the symmetric private key. The symmetric private key will then be encrypted using the asymmetric private key and attached to the message.

Francisco Andrades Grassi
Tlf: +58-414-125-7415

The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]