Chapter Five. Digital Signatures

In the previous chapter we looked at how asymmetric algorithms, particularly RSA, can be used to achieve privacy. It turns out that there is another facet to asymmetric algorithms, known as digital signing, that is used to achieve authentication, integrity, and nonrepudiation. In this chapter, we look at how digital signatures work, and, in particular, we look at how RSA and DSA (Digital Signature Algorithm) are used to implement digital signatures. Both RSA and DSA are fully supported by the .NET Framework, so we look at complete programming examples to demonstrate these two signature techniques.

Digital signatures also require another type of cryptographic primitive, known as cryptographic hash algorithms. The two most commonly used cryptographic hash algorithms are SHA-1 and MD5. SHA-1 produces a 160-bit hash, and MD5 produces a 128-bit hash. For even greater security, SHA-256, SHA-384, and SHA-512 produce hash values with 256, 384, and 512 bits, respectively. All of these hash algorithms are supported by .NET out of the box. Since these hash algorithms are a prerequisite for working with digital signatures, we look at them first. Then, once we have seen how to build programs that make use of digital signatures, we look at how to generate, store, import, and export keys.