Digital Signatures & Digital Certificates

by Bill H.

Digital Signatures

Digital signatures are implemented through public-key encryption and are used to verify the origin and contents of a message.

One advantage of public-key encryption is that the recipient of a successfully decrypted message knows that it was sent by the owner of the private key. This is known as authentication. However, encrypting messages with a private key is a relatively slow process, particularly if the message is a long one. Instead, a system of digital signatures is used.

A digital signature is prepared by first passing the message through a one-way cryptographic function to calculate the message digest. This digest is much smaller than the original message and can be quickly encrypted with the private key to produce a signature which is then added to the original message.

The recipient of the digital signature can be sure that the message really came from the sender. And, because changing even one character in the message changes the message digest in an unpredictable way, the recipient can be sure that the message was not changed after the message digest was generated.

Authentication can be further strengthened by the use of digital certificates.

Digital Certificates

Before encrypting and transmitting sensitive information, it is important to ensure that the public key being used does indeed belong to the intended message recipient and not to someone masquerading as them.

One method of doing this is to use a trusted third party or certificate authority (CA). Owners of public keys submit them to a CA along with proof of identity and the CA then digitally signs and issues a certificate which verifies that the public key attached to the certificate belongs to the party stated.

Digital certificates provide the basis for secure electronic transactions as they enable all participants in a transaction to quickly and easily verify the identity of the other participants.
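The digest-then-sign scheme and the CA-signed certificate described above can be followed end to end in the sketch below, which is an added example and not code from the original article. It uses unpadded textbook RSA with constructed toy keys built from Mersenne primes (real systems use a padded scheme such as RSA-PSS and randomly generated keys); the names alice, CA and IMPOSTOR and the certificate layout are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_key(p, q):
    """Build a textbook RSA key pair from two primes: (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest(message: bytes) -> int:
    """One-way function: SHA-256 message digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private) -> int:
    """Transform the small digest, not the whole message, with the private key."""
    n, d = private
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Recover the signed digest with the public key and compare it."""
    n, e = public
    return pow(signature, e, n) == digest(message)

def cert_body(subject: str, public) -> bytes:
    """Bytes the CA signs: the stated identity bound to the public key."""
    return f"{subject}|{public[0]}|{public[1]}".encode()

def issue_certificate(subject: str, subject_public, ca_private) -> dict:
    """CA side: sign the (identity, public key) binding."""
    sig = sign(cert_body(subject, subject_public), ca_private)
    return {"subject": subject, "public": subject_public, "ca_sig": sig}

def check_certificate(cert: dict, ca_public) -> bool:
    """Relying party: confirm the CA vouched for exactly this key and name."""
    body = cert_body(cert["subject"], cert["public"])
    return verify(body, cert["ca_sig"], ca_public)

# Constructed toy keys: Mersenne primes are trivially factorable, demo only.
ALICE_PUB, ALICE_PRIV = make_key(2**521 - 1, 2**607 - 1)
CA_PUB, CA_PRIV = make_key(2**607 - 1, 2**1279 - 1)
IMPOSTOR_PUB, _ = make_key(2**127 - 1, 2**521 - 1)

if __name__ == "__main__":
    msg = b"Pay Bob 100"                      # constructed sample message
    sig = sign(msg, ALICE_PRIV)
    cert = issue_certificate("alice", ALICE_PUB, CA_PRIV)
    swapped = dict(cert, public=IMPOSTOR_PUB)  # same name, different key
    print("genuine message:", verify(msg, sig, ALICE_PUB))
    print("altered message:", verify(b"Pay Bob 900", sig, ALICE_PUB))
    print("genuine cert:", check_certificate(cert, CA_PUB))
    print("swapped-key cert:", check_certificate(swapped, CA_PUB))
```

A recipient should run check_certificate first and only then trust the public key inside the certificate for verify.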
