Public Key Digital Signature

I am new to encryption.

In public-key cryptography, we have a pair of keys — one for encryption and one for decryption.

If Alice wants Bob to send her a secret message, she publishes her encryption key (this will be called the public key) and keeps the decryption key secret (this will be called the private key). Bob encrypts the message with Alice's public key, and Alice uses her private key to decrypt Bob's message.

So far, I think we all agree.

Now let's see what happens with signatures. Alice wants to send Bob a message and sign it, to prove to Bob that the message comes from her, Alice. Signatures are designed to solve the authentication problem. Using public key cryptography, a signature is a digest (for example, a checksum) of the message encrypted with Alice's private key, which Bob decrypts with Alice's public key. Since only Alice knows the secret key, Bob can be sure that the message is from Alice.

This is like the signature explanation here:

Some asymmetric algorithms (public key algorithms), such as RSA, allow the process to work in the opposite direction: a message can be encrypted using a private key and decrypted using the corresponding public key. If the recipient is able to decrypt the message using Bob's public key, he/she knows that the message came from Bob, because no one else has the sender's private key. Digital signatures work this way.

What bothers me is: which private key is used to encrypt the signature? That is, for the signature, do we use:

  • the same key pair used to send secure messages from Bob to Alice, so that the same secret key Alice uses to decrypt the message received from Bob can be used to encrypt the digest of the message sent by Alice back to Bob, or ...
  • an additional pair of encryption/decryption keys used to sign Alice's messages, where Alice publishes the decryption key of the pair.
2 answers

The explanation of signatures as "encryption with the private key" is incorrect. Well, mostly. This is the traditional explanation of how RSA signatures work, but it does not actually match how RSA signatures really work, because there is such a thing as "padding", which converts data elements into large integers and vice versa. The padding details are of paramount importance for security, and you do not use the same padding for encryption and for signatures.

In addition, presenting signatures as "encryption with the private key" can only work for asymmetric algorithms that use a "trapdoor permutation", and many signature algorithms are not of that kind (for example, DSA). Therefore, I suggest forgetting this explanation; it is, at best, confusing.

A signature is generated over a message using the private key. It is verified against the message and the public key; if the public key is the one corresponding to the private key used to generate the signature, the verification algorithm will say "ok" only if it is the same message (or, more precisely, it is assumed to be computationally infeasible to find a different message that nevertheless passes the verification algorithm). Thus, signatures are a kind of "asymmetric" algorithm, because they use a key pair, one of which is public and the other private.

There are some types of key pairs (in practice, RSA key pairs) that can be used for both signatures and encryption (with the corresponding RSA signature algorithm and RSA encryption algorithm, which are not the same algorithm, although they share one and the same mathematical core operation). You can technically use the same key pair for both; however, this is not recommended:

  • There may be hidden weaknesses due to interactions between the algorithms. Little research has been done on this. Although the differences in padding should prevent them, there is no proof.

  • Encryption keys and signature keys have different life cycles. See this answer for more details (in short: you want to back up the private encryption key but not the private signing key, so they cannot be the same key).

  • If a serious weakness is ever found in RSA, you will want to replace the keys with keys for other algorithms, and there is no guarantee that the encryption and signature algorithms will still be able to use the same key type.

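To make the first answer's point concrete, here is an added toy example (not from the original thread, and not a real library's code): one RSA key pair whose signature and encryption operations share the same modular exponentiation but use different padding layouts, so a signature is "generate with the private key / verify with the public key" rather than plain "encryption". The key is constructed from two fixed Mersenne primes and the padding is a simplified PKCS#1 v1.5 layout; both are assumptions for readability, not a secure setup.

```python
import hashlib
import hmac

# Constructed toy key from two Mersenne primes (known primes, fixed here so the
# example runs offline). For illustration only, not a key anyone should use.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                     # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8           # modulus length in bytes

def _encode(block_type: int, payload: bytes) -> int:
    """Simplified PKCS#1 v1.5 block: 00 | BT | filler | 00 | payload.
    BT=1 with 0xFF filler is the signature layout; BT=2 is the encryption
    layout (real implementations use random nonzero filler there)."""
    filler_len = K - 3 - len(payload)
    if filler_len < 8:
        raise ValueError("payload too long for this modulus")
    filler = (b"\xff" if block_type == 1 else b"\x01") * filler_len
    block = b"\x00" + bytes([block_type]) + filler + b"\x00" + payload
    return int.from_bytes(block, "big")

def _decode(block_type: int, x: int) -> bytes:
    """Undo _encode; raise ValueError if the block is not of the expected type."""
    raw = x.to_bytes(K, "big")
    if raw[0] != 0 or raw[1] != block_type:
        raise ValueError("block type mismatch")
    return raw[raw.index(b"\x00", 2) + 1:]

def sign(msg: bytes) -> int:
    # Generation: hash, pad as a *signature* block, apply the private exponent.
    return pow(_encode(1, hashlib.sha256(msg).digest()), D, N)

def verify(msg: bytes, sig: int) -> bool:
    # Verification: apply the public exponent, check signature padding, compare digests.
    try:
        recovered = _decode(1, pow(sig, E, N))
    except ValueError:
        return False
    return hmac.compare_digest(recovered, hashlib.sha256(msg).digest())

def encrypt(msg: bytes) -> int:
    return pow(_encode(2, msg), E, N)    # same core operation, different padding

def decrypt(ct: int) -> bytes:
    return _decode(2, pow(ct, D, N))

def cross_use_rejected(msg: bytes) -> bool:
    """A signature 'decrypted' with the public key is not a valid encryption block."""
    try:
        _decode(2, pow(sign(msg), E, N))
    except ValueError:
        return True
    return False
```

Tampering with the message or handing a ciphertext to `verify` fails the padding or digest check, which is the behaviour the answer describes as verification rather than decryption.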

You can have just one key pair and publish just one public key, which can be used to encrypt the messages sent to you and to verify the signatures you created. The setup can be more complex, with additional keys/subkeys for different purposes, but this is not required.


Source: https://habr.com/ru/post/901373/
