I'm a newbie to encryption.
In Public Key Cryptography we have a pair of keys - one for encryption and one for decryption.
In case Alice wants Bob to send her a secret message, she publishes her encryption key (it'll be called the public key) and keeps the decryption key secret (it'll be called the private key). Bob encrypts the message with Alice's public key and Alice uses her private key to decrypt Bob's message.
Till now I think we all agree.
Now let's see what happens with signatures. Alice wants to send Bob a message and sign it to prove to Bob that the message is hers. Signatures are intended to solve the authentication problem. With Public Key Cryptography, a signature is an encrypted digest (e.g. checksum) of the message, encrypted with Alice's private key and decrypted by Bob with Alice's public key. Since only Alice knows her private key, Bob can be sure that the message is from Alice.
This is how a signature is explained here:
Some Asymmetric Algorithms (public key algorithms) such as RSA allow the process to work in the opposite direction as well: a message can be encrypted with a private key and decrypted with the corresponding public key. If the recipient wants to decrypt a message with Bob's public key he/she must know that the message has come from Bob because no one else has sender's private key. Digital signatures work this way.
What I'm confused about is: what is this private key Alice uses for encryption of the signature? Thus for signatures we use:
Digital signatures use the PKI standard and the Pretty Good Privacy (PGP) encryption program because both reduce potential security issues that come with transmitting public keys. They validate that the sender's public key belongs to that individual and verify the sender's identity.
Since digital signature is created by 'private' key of signer and no one else can have this key; the signer cannot repudiate signing the data in future.
The recipient uses the sender's public key to decrypt the digital signature's hash. The recipient's computer calculates the hash of the original file and compares it with the decrypted hash. If the two hashes match, the signature is verified.
The private key, as the name implies, is not shared and is used only by the signer to electronically sign documents. The public key is openly available and used by those who need to validate the signer's electronic signature.
The explanation of signatures as "encrypt with private key" is wrong. Well, mostly. It is a traditional explanation of how RSA signatures work, but actually it does not match how RSA signatures really work, because there is such a thing as "padding", which is about transforming data elements into big integers and back. The details of the padding are of paramount importance for the security -- and you will not use the same padding for encryption and for signatures.
Also, the view of signatures as "encrypt with the private key" can work only on asymmetric algorithms which use a "trapdoor permutation", and many signature algorithms do not (e.g. DSA). So I suggest forgetting that explanation, it is, at best, confusing.
A signature algorithm is generated over a given message, using a private key. It is verified over a message and a public key; if the public key is the one corresponding to the private key used to generate the signature, the verification algorithm will say "ok" only if this is the same message (or, more precisely, it is supposed to be computationally unfeasible to find a distinct message which the verification algorithm will nonetheless accept). So signatures are a kind of "asymmetric" algorithm because they use a key pair, one being public and the other private.
There are a few key pair types (in practice, RSA key pairs) which can be used both for signatures and encryption (with, respectively, the RSA signature algorithm and the RSA encryption algorithm -- which are not the same algorithm, although they share the same mathematical core operation). You may technically use the same key pair for both; however, this is not recommended:
There might be implied weaknesses due to interactions between the algorithms. There have been few studies on that subject. Although the padding differences should prevent these, there is no proof.
Encryption keys and signature keys have distinct life cycles. See this answer for details (in short words: you want to backup the encryption private key, and not the signature private key, so they cannot be the same key).
If some serious weakness was found in RSA, you would want to replace your keys with keys for other algorithms, and there is no guarantee that the replacement encryption and signature algorithms would still be able to share the same key type.
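The answer's point that RSA signing and RSA encryption share one core operation but use different paddings, and that verification checks a message against a public key, as an added toy example that is not from the question or either answer (it assumes a small key size, a Fermat primality test, SHA-256 and PKCS#1 v1.5 encodings, and is for illustration only):

```python
# Added toy example (not from the question or either answer): RSA driven through
# the two PKCS#1 v1.5 paddings, to show that "sign" is a padded hash put through
# the private operation and that the verifier checks the whole padded block.
# Assumptions: toy key size and a Fermat primality test; illustration only.
import hashlib, hmac, math, os, random

def _probable_prime(bits):
    # Fermat test with fixed bases: adequate for a toy, not for real key generation.
    while True:
        p = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if all(pow(a, p - 1, p) == 1 for a in (2, 3, 5, 7, 11, 13, 17)):
            return p

def keygen(bits=512):
    e = 65537
    while True:
        p, q = _probable_prime(bits // 2), _probable_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))  # (public, private)

# DER DigestInfo prefix that names SHA-256 inside the signature block.
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(message, k):
    """Signature padding: 00 01 FF..FF 00 DigestInfo||SHA-256(m). Deterministic."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def eme_pkcs1_v15(message, k):
    """Encryption padding: 00 02 <random non-zero bytes> 00 m. Randomised."""
    assert len(message) <= k - 11, "message too long for this modulus"
    ps = b""
    while len(ps) < k - len(message) - 3:
        ps += bytes(b for b in os.urandom(k) if b)
    return b"\x00\x02" + ps[: k - len(message) - 3] + b"\x00" + message

def sign(priv, message):
    n, d = priv
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15(message, k), "big")
    return pow(em, d, n).to_bytes(k, "big")

def verify(pub, message, sig):
    n, e = pub
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    # Recompute the expected block and compare all of it, not just the hash.
    return hmac.compare_digest(em, emsa_pkcs1_v15(message, k))
```

Encrypting with the same key pair would put the `eme_pkcs1_v15` block (random, starting 00 02) through the public operation instead, so the two uses of the key differ in their encoding, not only in which exponent is applied.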
You can have only one pair of keys and publish only one public key which can be used to encrypt messages sent to you and to check message signatures created by you. The setup can be more sophisticated with additional keys/subkeys for different purposes but it is not required.