Security Basics mailing list archives
Re: newbie: what does "sign the message digest" mean?
From: "Aaron Rohyans" <aaronr () imcu com>
Date: Wed, 14 Jun 2006 20:23:22 -0600
Basically here's what happens when you send a message using Digital Signatures/Certificates:

1. I take my message and run it through a hashing algorithm (such as MD5) to form a "digest."

2. Every device that communicates using Digital Signatures/Certificates has 2 different certificates... a Public Certificate, and a Private Certificate. The private certificate is NEVER shared. Once I run my message through the hash and obtain my "digest," I append my signature to it. My signature is a HASH of my Private Certificate. Along with the digest and my hashed signature, I also include my Public Certificate. Here is an example:

SENDER:
Step 1. Message123---->Hash---->M1ess2age3 (digest)
Step 2. Private Certificate---->Hash---->ada23d3e (signature)
Step 3. M1ess2age3 (digest) + ada23d3e (signature) = M1ess2age3ada23d3e
Step 4. M1ess2age3ada23d3e + Public Certificate---->Encrypted
Step 5. Sent to Recipient

RECEIVER:
Step 1. Encrypted Message is unencrypted using session key
Step 2. Use Public Certificate from sender to verify that ada23d3e (signature) is valid.
Step 3. Use session key to "unhash" message if source is valid.

3. When the receiving device gets my message, it uses my Public Certificate to "unhash" my signature and verify that the message is truly from me. Once the message source is verified, the receiving device can then begin decoding the rest of the message.

Does that help?

Aaron

---------- Original Message ----------------------------------
From: Ravi Malghan <rmalghan () yahoo com>
Date: Wed, 14 Jun 2006 08:07:27 -0700 (PDT)
Hi:

I am very new to cryptography. I am reading a book and do not seem to understand the meaning of "sign the message digest" even after reading the chapter several times. Below is what the book describes:

A sender wants to send a message called "Message" securely.
1. sender computes the message digest for "Message".
2. sender signs the message digest and attaches the resulting digital signature plus the certificate to the message. The result is Signed Message + Sender Certificate + Signature
3. sender then encrypts the result from step 2 with a random session key
. . and so on

What does Step 2 mean? I understand what computing a message digest is.
1. But I don't understand what "signs the message digest" is.
2. How is "Signed Message" different from "Message"?
3. What is a Signature?

Can someone explain?

Thanks
Ravi
Current thread:
- newbie: what does "sign the message digest" mean? Ravi Malghan (Jun 14)
- Re: newbie: what does "sign the message digest" mean? Ansgar -59cobalt- Wiechers (Jun 15)
- Re: newbie: what does "sign the message digest" mean? Vinod Gadgoli (Jun 22)
- <Possible follow-ups>
- Re: newbie: what does "sign the message digest" mean? simonis (Jun 15)
- Re: newbie: what does "sign the message digest" mean? Aaron Rohyans (Jun 15)