Thursday, December 16, 2004

Digital Signature Simplified

I was hit on this concept when i am working in customization of Configuration Management Application Block. Though, initially it didn't strike me, how best this can be leveraged in an application architecture. Later i realized how simple and effective this technique can be used to tamper-proof content delivery. If used along with a public/private key encryption, this can prove to be very effective in verifying authenticity of content.

Enough of my blabber, how D-S works:

Content author, uses a hash algorithm and gets a hash of the message {AKA message digest}, he then encrypts the hash using the private key. The "encrypted hash" is the D-S of the content. Usually delivered along with the orginal message/content.

Content consumer, uses the same hash algorithm to generate the hash and decrypts the signature using the public key. If hash matches, vola the receiver can be sure of the sender's identity and that the message arrived intact.

Looks solid and simple techinique for me. If needed we can also add "salting" techinique. I believe there is no perfect security, it's always 1 layer up and make sure we aren't hit by performance.

To end with an conspiracy theory, i am one of those, who strongly believes that some tactical project could be nudging closer to techinique of inverting {so called} trap door one-way function, its a TWILIGHT ZONE.

Ignorance is NO bliss in world of digial security!


Anonymous said...


Anonymous said...

Nice information provided. In this article you had explained Hash algorithm , can you please provide some highlight or idea on MD5 algorithm in next blog.
digital signature FAQ