Up to this point, this Chapter has primarily focused on how symmetric and asymmetric encryption is used for confidentiality. Now let's focus on how asymmetric algorithms can be used for authentication. The application of asymmetric encryption for authentication is known as a digital signature. Digital signatures are much like a signature in real life, as the signature validates the integrity of the document and the sender. Let's look at an example of how the five basic steps work in the digital signature process:
Figure 12.6 illustrates this process and demonstrates how asymmetric encryption can be used for confidentiality and integrity.
Figure 12.6. The digital signature process.
Digital signatures provide integrity and authentication.
Part I: Exam Preparation
The Business Aspects of Penetration Testing
The Technical Foundations of Hacking
Footprinting and Scanning
Enumeration and System Hacking
Linux and Automated Security Assessment Tools
Trojans and Backdoors
Sniffers, Session Hijacking, and Denial of Service
Web Server Hacking, Web Applications, and Database Attacks
Wireless Technologies, Security, and Attacks
IDS, Firewalls, and Honeypots
Buffer Overflows, Viruses, and Worms
Cryptographic Attacks and Defenses
Physical Security and Social Engineering
Part II: Final Review
Part III: Appendixes
Appendix A. Using the ExamGear Special Edition Software