- Message signing binds the identity of the message source to this message, authenticating that you have yourself assured the authenticity of the message
- Authenticating that you have yourself assured the authenticity of the message (most of the time it means you are the author, but not necessarily).
- It ensures data integrity, message authentication, and non-repudiation
- When you sign a message, then it creates something like a checksum of the message content in combination with data from the key, which can be verified against a public key.
- This does not make a message unreadable to anyone, but can verify that the message really originated from the sender and was not altered since.
- Message can be a text message, or someone else’s certificate
- When signing, you use your private key to write message’s signature, and they use your public key to check if it’s really yours. A digital signature permits an unbiased trusted third party (agreed upon in advance) to resolve the dispute without requiring access to the signers’ secret information (private keys).
- Advantage of signing your messages is that you transmit your public key and certificate automatically to all your recipients.
To sign a message
- Create its hash,
- encrypt the hash with your private key,
- Add the encrypted hash
- Signed certificate with the message
- The recipient will recreate the message hash,
- decrypts the encrypted hash using your well known public key stored in your signed certificate
- check that both hash are equals and
- Finally check the certificate.
2 ways to sign
- Encapsulating the text message inside the signature (with delimiters). Advantage here is that the message is human readable allowing any non-complaint client to pass the message as is for the user to read.
- Encoding the message altogether with the signature. This form is a very simple encryption form as any software can decrypt it if it can read the embedded public key. This process does not even allow reading part of the message if it has been tampered with.
Dimit Chadha SECURITY
security security Keys signing encryption digital certificate message security