A digital signature is a hash value that has been encrypted with the sender’s private key. The act of signing means encrypting the message’s hash value with a private key. When the recipient receives the message, they perform their own hashing function on the message they received to come up with a hash value. This hashing function takes place without the use of any keys. The recipient then decrypts the sender’s hash value with the sender’s public key and compares it to the hash value they computed themselves. If these hash values match, then the recipient knows the message has not been altered during transmission, the sender’s identity is verified, and the message came from the sender.
Question: What is so special about a digital signature?
Question: Yeah but, when would I have to use this digital signature?
When I was contracting at Ford back in 2008, one of my responsibilities was to complete these waste water discharge reports each month for the Ford Environmental Engineer. They would review the report for mistakes and send it back to me to correct. I must add this was not part of the contract, but you do what you have to do. Once reconciled, the engineer would digitally sign the waste water discharge report with their Ford-issued digital signature, then send it on to the Department of Environmental Quality (DEQ) through their web-based application. It was digitally signed for the reasons stated above. The report would not be accepted without this digital signature. Before the process of digitally signing these waste water discharge reports, hard copies were signed by hand and mailed to the DEQ.
Question: So does a Digital Signature encrypt my message?
No, a digital signature does not encrypt the actual message; hence, a digital signature does not provide confidentiality. Confidentiality means the message itself is unintelligible to all except authorized persons. The only thing that is encrypted with a digital signature is the hash value, not the message itself. This means that a digitally signed message can be read by an attacker who eavesdrops on the message in transit. Confidentiality is accomplished by encrypting the message itself. In order to encrypt the message, you need the recipient’s public key, which you can obtain if they digitally sign a message and send it to you. You encrypt the message asymmetrically with the recipient’s public key. The recipient then decrypts the message with their private key.
If you wish to attain confidentiality, integrity, authentication, and non-repudiation you can both digitally sign and encrypt the message.
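The sign-and-verify steps described above, with signing alone and no encryption of the message, as an added example that is not part of the original post. It uses textbook RSA without padding and a constructed toy key so the "hash transformed with the private key" step is visible; the function names and sample message are hypothetical, and real signatures use a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Constructed toy RSA key from two publicly known Mersenne primes.
# Trivially factorable: illustration only, never a real key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key, shared with recipients
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept by the signer


def digest(message: bytes) -> int:
    """Hash the message. No key is involved in this step."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signer: transform the message's hash value with the private key."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recipient: recover the signer's hash with the public key and compare
    it with a hash computed locally over the message that arrived."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(message)


def demo() -> dict:
    # Constructed sample message; it travels in the clear next to the signature.
    report = b"Monthly discharge report: all values within permit limits"
    signature = sign(report)
    tampered = report.replace(b"within", b"beyond")
    # Second constructed toy key, standing in for a different signer.
    p2, q2 = 2**127 - 1, 2**521 - 1
    forged = sign(report, pow(E, -1, (p2 - 1) * (q2 - 1)), p2 * q2)
    return {
        "genuine": verify(report, signature),
        "altered_in_transit": verify(tampered, signature),
        "signed_by_other_key": verify(report, forged),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the genuine message with the genuine signature is accepted; a changed message or a signature made with any other private key fails the hash comparison.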
For those of you interested in getting a FREE digital signature to sign and encrypt e-mails, you can go to the following link: http://www.comodo.com/home/email-security/free-email-certificate.php
Asim Underwood, MSCIS, Security+