Re: gsu (Was Re: More Political Stuff)

[michaeld senet com au]

Sean Middleditch wrote:
> > On Wed, 30 Aug 2000, Sean Middleditch wrote:
> >
> > Digital signatures are computed from the checksum of the file and a
> > private key in such a way that to check the authenticity of the key, only
> > a publicly available key is required, but to generate the key, a secret
> > key is required.  To 'just copy the signature..' you would need to be able
> > to break a scheme like RSA.
> 
> .... So the entire message is encoded, or is merely an additional
> signature added to a message/data?  I think perhaps I've gotten a
> mis-representation of the storage mechanism used here... (nothing new, I
> might add  ~,^  )
> 

Ok, just to try and clarify, you compute a Message Digest (ie a checksum, a
hash) over the data (email message, tarball etc), knowing that it is
computationally infeasible to generate another piece of data which computes to
the same Message Digest.  For this you use something like MD5, or even better
SHA-1.

You then sign the Message Digest using an asymmetric key, that is with your
private key, so that anyone with access to your public key can extract the hash,
verify the contents of the data by computing the hash over the message
themselves and comparing it to the hash extracted using the public key.  That
way they know that you provided the hash to the data, and that no-one has
modified it since.  Asymmetric key cryptography is most commonly called Public
Key cryptography, and you use algorithms like RSA or DSA.

Hope my chicken scratchings clarify rather than confuse,

-- 
Michael Davies                     "I can't remember 
mailto:michaeld@senet.com.au        if I cried,  when I
http://www.senet.com.au/~michaeld   read about Windows95"


-------------------------------------------
This message was sent using SE Net Webmail.
http://webmail.senet.com.au/