Re: newbie: what does "sign the message digest" mean?



Basically heres what happens when you send a message using Digital Signatures/Certificates:

1. I take my message and run it through a hashing algorithm (such as MD5) to form a "digest."
2. Every device that communicates using Digital Signatures/Certificates has 2 different certificates....a Public Certificate, and a Private Certificate. The private certificate is NEVER shared. Once I run my message through the hash and obtain my "digest," I append my signature to it. My signature is a HASH of my Private Certificate. Along with the digest and my hashed signature, I also include my Public Certificate. Here is an example:

SENDER:
Step 1. Message123---->Hash---->M1ess2age3 (digest)
Step 2. Private Certificate---->Hash---->ada23d3e (signature)
Step 3. M1ess2age3 (digest) + ada23d3e (signature)=
M1ess2age3ada23d3e
Step 4. M1ess2age3ada23d3e + Public Certificate---->Encrypted
Step 5. Sent to Recipient

RECEIVER:
Step 1. Encrypted Message is unencrypted using session key
Step 2. Use Public Certificate from sender to verify that ada23d3e (signature) is valid.
Step 3. Use session key to "unhash" message if source is valid.

3. When the receiving device gets my message, it uses my Public Certificate to "unhash" my signature and verify that the message is truly from me. Once the message source is verified, the receiving device can then begin decoding the rest of the message.

Does that help?
Aaron


---------- Original Message ----------------------------------
From: Ravi Malghan <rmalghan@xxxxxxxxx>
Date: Wed, 14 Jun 2006 08:07:27 -0700 (PDT)

Hi: I am very new to cryptography. I am reading a book
and donot seem to understand the meaning of "sign the
message digest" even after reading the chapter several
times. Below is what the book describes

A sender wants to send a message called "Message"
securly

1. sender computes the message digest for "Message".
2. sender signs the message digest and attaches the
resulting digital signature plus the certificate to
the message. The result is Signed Message + Sender
Certificate + Signature
3. sender then encrypts the result from step 2 with a
random session key
.
.
and so on

What does the Step 2 mean. I understand what is
computing a message digest.
1. But don't understand what is "signs the message
digest".
2. How is "Signed Message" different from "Message"
3. What is a Signature?
Can someone explain?

Thanks
Ravi

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________






________________________________________________________________
Sent via the WebMail system at imcu.com







Relevant Pages

  • Re: newbie: what does "sign the message digest" mean?
    ... sender computes the message digest for "Message". ... Message + Sender Certificate + Signature ... A signed message is message + signature of the message. ...
    (Security-Basics)
  • newbie: what does "sign the message digest" mean?
    ... message digest" even after reading the chapter several ... sender computes the message digest for "Message". ... Certificate + Signature ...
    (Security-Basics)
  • Re: OT: More about GPG signing
    ... For me the name in sender has no value. ... the sender header of the many people can be ... Consider the same with PGP signature. ... have some Android tablet too. ...
    (Debian-User)
  • Re: OT: More about GPG signing
    ... that the sender is known to him. ... I have come to the conclusion that a GPG signature in these ... Debian has a few mailing-lists where only signed mail by a ... "One disk to rule them all, ...
    (Debian-User)
  • Re: RSA signature verification problem
    ... some knowledge on the overall digital signature verification. ... I want to verify the digital signature of a SignedData. ... -hash the message -> message digest ...
    (sci.crypt)