Page 437 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 437
Digital Signatures
Once you have chosen a cryptographically sound hashing algorithm,
you can use it to implement a digital signature system. Digital
signature infrastructures have two distinct goals:
Digitally signed messages assure the recipient that the message
truly came from the claimed sender. They enforce nonrepudiation
(that is, they preclude the sender from later claiming that the
message is a forgery).
Digitally signed messages assure the recipient that the message
was not altered while in transit between the sender and recipient.
This protects against both malicious modification (a third party
altering the meaning of the message) and unintentional
modification (because of faults in the communications process,
such as electrical interference).
Digital signature algorithms rely on a combination of the two major
concepts already covered in this chapter—public key cryptography and
hashing functions.
If Alice wants to digitally sign a message she’s sending to Bob, she
performs the following actions:
1. Alice generates a message digest of the original plaintext message
using one of the cryptographically sound hashing algorithms, such
as SHA3-512.
2. Alice then encrypts only the message digest using her private key.
This encrypted message digest is the digital signature.
3. Alice appends the signed message digest to the plaintext message.
4. Alice transmits the appended message to Bob.
When Bob receives the digitally signed message, he reverses the
procedure, as follows:
1. Bob decrypts the digital signature using Alice’s public key.
2. Bob uses the same hashing function to create a message digest of
