AQA Computing A2 © Nelson Thornes 2009

Unit 3, Section 6.4: Internet Security

Digital Signatures and Certificates

To prove that an electronic message is genuine, a sender can digitally sign the message.

This means that any tampering with the message can be detected, and the signature is proof that it has been sent by the correct person. Digital signatures use asymmetric encryption.

The process to send a message is as follows:

A digest (also known as a hash) is produced from the message using a hash function. The digest is a much reduced version of the original message (it is not possible to change a message digest back into the original message from which it was created).

[Figure: Message → Hash Function → Digest]

The digest is then encrypted using the sender’s private key. The sender’s private key must be used instead of the receiver’s public key to prove it has been encrypted by the sender. The encrypted digest result is the digital signature.

[Figure: Digest → Encrypt using sender’s private key → Encrypted Digest (Digital Signature)]

The encrypted digest (digital signature) is then appended to the original message.

[Figure: Message, appended with the Digital Signature]

The message and digital signature are then encrypted using the receiver’s public key. The receiver’s public key must be used here so that only the receiver can decrypt the message with the private key.

[Figure: Message and Digital Signature → Encrypt using receiver’s public key → Encrypted Message]

The encrypted message is then sent by electronic mail.

[Figure: Encrypted Message → Send by e-mail]

The process to verify that a message is genuine is as follows:

The message and signature are decrypted using the receiver’s private key.

[Figure: Encrypted Message → Decrypt using receiver’s private key → Message and Digital Signature]

The decrypted message is then separated into the original message and digital signature.

[Figure: Separate Digital Signature: the decrypted data is split into the Message and the Digital Signature]

The digital signature (encrypted digest) is then decrypted using the sender’s public key. This proves it has been sent by the person who owns the private key.

[Figure: Digital Signature (Encrypted Digest) → Decrypt using sender’s public key → Decrypted Digest]

A new digest is produced from the original message using the same hash function as the original digest.

[Figure: Message → Hash Function → New Digest]

The decrypted digest is then compared to the new digest. If the decrypted digest is the same as the new digest then the message has not been tampered with.

[Figure: Decrypted Digest compared with New Digest]

Although this process sounds complicated, it is all handled by the signing software, so messages can be signed and received using a simple click.

A digital certificate is issued by a certification authority.

It contains your name, a serial number, expiration dates and a copy of the certificate holder's public key.

A digital signature is created, which is a digest of the sender’s public key and other details, encrypted with the private key of the CA. This is called the certificate.

The recipient can check with the CA’s public key that the certificate is valid.

Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
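The send, verify and certificate steps described above, as an added Python example that is not part of the original slides. It uses textbook RSA built from known Mersenne primes with no padding, so it shows the data flow only; the function names, the `|`-separated certificate layout and the demo keys are assumptions constructed for illustration. Real signing software uses padded signature schemes and encrypts the message body with a symmetric key rather than directly with the receiver's public key.

```python
import hashlib

E = 65537  # public exponent used by every toy key below

def keypair(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1 -> (n, d)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, n, d):
    """'Encrypt the digest with the private key' (no padding: demo only)."""
    return pow(digest(data), d, n)

def verify(data, sig, n):
    """'Decrypt the signature with the public key' and compare with a new digest."""
    return pow(sig, E, n) == digest(data)

def send(msg, sender_n, sender_d, recv_n):
    sig_len = (sender_n.bit_length() + 7) // 8
    packet = msg + sign(msg, sender_n, sender_d).to_bytes(sig_len, "big")
    m = int.from_bytes(b"\x01" + packet, "big")   # 0x01 marker keeps leading zeros
    if m >= recv_n:
        raise ValueError("message too long for this toy key")
    return pow(m, E, recv_n)                      # encrypt with receiver's public key

def receive(cipher, recv_n, recv_d, sender_n):
    m = pow(cipher, recv_d, recv_n)               # decrypt with receiver's private key
    packet = m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]
    sig_len = (sender_n.bit_length() + 7) // 8
    msg, sig = packet[:-sig_len], int.from_bytes(packet[-sig_len:], "big")
    return msg, verify(msg, sig, sender_n)        # separate, then compare digests

def issue_cert(name, serial, expires, subject_n, ca_n, ca_d):
    body = f"{name}|{serial}|{expires}|{subject_n}".encode()
    return body, sign(body, ca_n, ca_d)           # CA signs the holder's details

def key_from_cert(cert, ca_n):
    body, sig = cert
    if not verify(body, sig, ca_n):
        return None                               # not issued by this CA, or altered
    return int(body.rsplit(b"|", 1)[1])           # holder's public key (modulus)

# Constructed demo keys: A (sender), B (receiver) and the CA.
A_N, A_D = keypair(521, 607)
B_N, B_D = keypair(1279, 2203)
CA_N, CA_D = keypair(2281, 3217)
```

`key_from_cert` checks only the CA's signature; a real verifier would also reject a certificate whose expiration date has passed.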

[Figure: Certificate Authority: Generate hash of A’s public key → Encrypt using CA’s private key → A’s Certificate. Receiver’s Computer: Decrypt the certificate using CA’s public key to recover the hash, Generate hash of A’s public key, Compare Hashes; if they match, A’s public key is valid.]