Security Basics mailing list archives

Re: newbie: what does "sign the message digest" mean?


From: "Vinod Gadgoli" <vinod.infosec () gmail com>
Date: Thu, 22 Jun 2006 15:39:32 +1000

Hi Ravi,
There are two kinds of cryptography:
1. Symmetric Key - In which the same key is used for both encryption and
decryption. This key is shared between the sender and the receiver.
The sender and receiver exchange these keys in a secure manner
acceptable to both parties.

2. Asymmetric key cryptography
   It uses two keys; one is called the public key and the other is called
the private key.  Either one can be used for encryption/decryption, and
the other key is used for the reverse operation. For example, if you
encrypt a message using the public key then it can be decrypted using
the private key (providing confidentiality).
If you encrypt using your private key, you can only decrypt the message
using the public key. In this case it provides authenticity to the
message (no confidentiality, because public keys are displayed publicly
on users' home pages etc.)
In short, signing means encrypting the message using your private key.

HTH


On 6/15/06, Ravi Malghan <rmalghan () yahoo com> wrote:
Hi: I am very new to cryptography. I am reading a book
and do not seem to understand the meaning of "sign the
message digest" even after reading the chapter several
times. Below is what the book describes:

A sender wants to send a message called "Message"
securely

1. sender computes the message digest for "Message".
2. sender signs the message digest and attaches the
resulting digital signature plus the certificate to
the message. The result is Signed Message + Sender
Certificate + Signature
3. sender then encrypts the result from step 2 with a
random session key
.
.
and so on

What does Step 2 mean? I understand what
computing a message digest is.
1. But I don't understand what "signs the message
digest" is.
2. How is "Signed Message" different from "Message"?
3. What is a Signature?
Can someone explain?

Thanks
Ravi




--
Vinod Gadgoli
Systems Security Engineer  (MS Information Security)
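
Steps 1 and 2 of the quoted book passage, as an added example that is not part of the original thread: the sender hashes "Message", applies the private key to the digest to get the signature, and the receiver checks it with the public key. The key pair is a constructed toy key (textbook RSA without padding, built from two known Mersenne primes), the function names are hypothetical, and the certificate from step 2 is left out.

```python
import hashlib

# Constructed toy key pair (assumption for illustration): two known Mersenne
# primes. Textbook RSA with no padding, so not suitable for real use.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """Step 1: compute the message digest (SHA-256) as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Step 2: apply the private key to the digest; the result is the signature."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: apply the public key to the signature and compare it with a
    digest recomputed from the message that was received."""
    return pow(signature, E, N) == digest(message)


if __name__ == "__main__":
    message = b"Message"
    signature = sign(message)          # travels next to the readable message
    print("signature (hex, truncated):", hex(signature)[:34], "...")
    print("original message verifies:", verify(message, signature))
    print("altered message verifies: ", verify(b"Messagf", signature))
```

The message itself stays readable in this example; only the digest goes through the private-key operation, which is why a change to either the message or the signature makes verification fail.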


