2.6 Digital Signatures

You can use public key authentication to produce "digital signatures." These signatures have a very desirable characteristic namely, it is computationally infeasible for anyone without the private key to produce a signature that will verify for a given message. Modern digital signatures consist of (1) a message and (2) a message digest of that message asymmetrically transformed under a private key of the signer. See Figure 2-5.

Because message digests are short, fixed-length quantities, the slowness of public key algorithms has minimal effects on processing. The critical need to be sure you are using the right public key still exists, however, and is usually addressed by certificates.

Real digital signature systems have many more complexities than this brief description suggests. The actual quantity being secured by asymmetric transformation under a private key typically includes not just the critical message digest value, but also two other items:

• Identification of the message digest function

• Possibly other information such as date signed or key identifier

This information is formatted so that a signature verifier can parse it. The verifier uses the asymmetric algorithm, public key, and material transformed under the private key (including the message digest value, which it computes over the plain text) to verify that the corresponding private key signed it. In addition, the overall signed message must use some known format so that the system can separate the signature and possibly key identification information from the signed message information.