Page 438 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 438
the full plaintext message received from Alice.
3. Bob then compares the decrypted message digest he received from
Alice with the message digest he computed himself. If the two
digests match, he can be assured that the message he received was
sent by Alice. If they do not match, either the message was not sent
by Alice or the message was modified while in transit.
Digital signatures are used for more than just messages.
Software vendors often use digital signature technology to
authenticate code distributions that you download from the
internet, such as applets and software patches.
Note that the digital signature process does not provide any privacy in
and of itself. It only ensures that the cryptographic goals of integrity,
authentication, and nonrepudiation are met. However, if Alice wanted
to ensure the privacy of her message to Bob, she could add a step to
the message creation process. After appending the signed message
digest to the plaintext message, Alice could encrypt the entire message
with Bob’s public key. When Bob received the message, he would
decrypt it with his own private key before following the steps just
outlined.
HMAC
The hashed message authentication code (HMAC) algorithm
implements a partial digital signature—it guarantees the integrity of a
message during transmission, but it does not provide for
nonrepudiation.
Which Key Should I Use?
If you’re new to public key cryptography, selecting the correct key
for various applications can be quite confusing. Encryption,
decryption, message signing, and signature verification all use the
same algorithm with different key inputs. Here are a few simple
