1. Basic ideas – digital signatures
• A key-pair is created – a public key (Pu) and a private key (Pv)
• You keep the private key
• Anyone can have the public key.
• Messages encrypted with the private key (Pv) can be
decrypted with the public key
  [Callout: Anyone could read them, but they could only have come from you]
• Messages encrypted with the public key (Pu) can be
decrypted with the private key
  [Callout: Only you can read them, but they could have come from anyone]
2. So: – how do we have the best of both worlds –
messages that only you can read and only one
specific person could have created?
First approach.
• Sender writes a little message to you. “Hi this
message is from Sam”. They encrypt this message
with their private key and add the result to the main
message.
• They then encrypt the whole resulting message
with your public key – and send it to you.
• Anyone intercepting the message can’t read it
because they don’t have your private key.
• When you decrypt the message, you find this extra
bit. You use the sender’s public key to decrypt that.
If you have a good message, it tells you ... what?
  [Callout: Could have been copied from another message]
3. So: – how do we have the best of both worlds –
messages that only you can read and only one
specific person could have created?
Better approach.
• Signature message is a HASH of the overall
message – valid only for this message.
Encrypted with their private key as before
• Steps two and three are the same, the message
is secure.
• When you decrypt the message, you find this
hash. You use the sender’s public key to decrypt
it. Now you calculate the hash yourself, using
the same algorithm. If the two hashes
match, you have a valid, signed message.
  [Callout: Could have been copied from another message]
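
The two approaches from slides 2 and 3, side by side, as an added example that is not part of the original slides. It assumes a toy textbook-RSA key pair (constructed here, far too small and unpadded for real use), a SHA-256 hash truncated to fit that key, and constructed sample messages; the outer encryption with the recipient's public key is left out because it is the same in both approaches.

```python
import hashlib

# Toy textbook-RSA key pair for the sender, built from two known Mersenne
# primes. Constructed for illustration: far too small and unpadded for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                   # public key Pu
D = pow(E, -1, (P - 1) * (Q - 1))     # private key Pv

NOTE = b"Hi this message is from Sam"  # the fixed note from the first approach

def to_int(data: bytes) -> int:
    value = int.from_bytes(data, "big")
    assert value < N, "value must be smaller than the modulus"
    return value

def digest(body: bytes) -> bytes:
    # SHA-256 truncated to 16 bytes so it fits under the toy modulus
    return hashlib.sha256(body).digest()[:16]

def sign_first(body: bytes) -> int:
    # First approach: the signed value never depends on the body
    return pow(to_int(NOTE), D, N)

def verify_first(body: bytes, tag: int) -> bool:
    return pow(tag, E, N) == to_int(NOTE)

def sign_better(body: bytes) -> int:
    # Better approach: the signed value is a hash of this body
    return pow(to_int(digest(body)), D, N)

def verify_better(body: bytes, tag: int) -> bool:
    # Recompute the hash and compare with the one recovered from the tag
    return pow(tag, E, N) == to_int(digest(body))

def demo() -> dict:
    genuine = b"Lunch at noon on Friday?"        # constructed sample
    other = b"Lunch is cancelled, stay home."    # constructed sample
    tag1, tag2 = sign_first(genuine), sign_better(genuine)
    return {
        "first, own message": verify_first(genuine, tag1),
        "first, tag moved to other message": verify_first(other, tag1),
        "better, own message": verify_better(genuine, tag2),
        "better, tag moved to other message": verify_better(other, tag2),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the last case is rejected: the hash-based tag is valid for one message body, while the fixed note verifies on any body it is attached to.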