| |
A message digest is a short summary of a message (or file) that is
calculated from the message in a way that, if the message is altered at all,
the altered message won't produce the same message digest as the original
message.
Message digests are one way only. The receiver has to be able
to produce a message digest of the message as it was received, so the digesting
algorithm -- a hash function -- must be public. But privacy would be compromised
if you could reverse the digesting process to reproduce the message from the
message digest.
- Sue (aka Sender) uses her private key to digitally sign the original
text. Her PKC software:
- Calculates a message digest, a short, one-way summary of the original
text, and
- Encrypts the message digest with Sue's private key.
- The calculated and encrypted message digest is the digital signature;
it is attached to or stored with the original text, forming the signed
text.
- Sue sends the signed text to you.
- You use Sue's public key to verify the signature. Your PKC software:
- Decrypts the digital signature, the message digest that was encrypted
with the signer's private key; it uses Sue's public key to do this.
- Calculates a message summary from the text of the message as you
received it, and
- Compares the two message digests.
If the message digest that Sue sent you and the one that you calculate match,
it proves two things:
- That the original text hasn't been changed since it was signed, and
- That the message digest you received was really produced by Sue, whose
private key was used to sign it. (Otherwise, her public key would not have
successfully decrypted the message digest she sent.)
|
|
