Re: Keyed hash vs Digital signature ????



For DSIGs you usually use certificates. They add authentication to public keys. Otherwise it is not possible to verify that you are really using the right public key (besides you received the pub key using an out-of-band method like on a CD, verbally or by fax, etc.).

Certs can be made available in various ways - e.g. you can embed them in the signature, make them downloadable and so forth.

Have a look at the System.Security.Cryptography.X509Certificates and Pkcs namespace - here's also a sample app that does signing/encryption using certs:
http://www.leastprivilege.com/CrypterPKRTMVersion.aspx


dominick

In which form, in that case, can everybody access the public key then?
If you want everybody to be able to verify a file signature, everybody should know how it has been built, no?
For example, if I sign a file this way:

Dim signer As RSACryptoServiceProvider = New RSACryptoServiceProvider()
Dim signature As Byte() = signer.SignData(Data, New SHA1CryptoServiceProvider())

Then to verify the signature I need to use
signer.VerifyData(Data, New SHA1CryptoServiceProvider(), signature)
or can it be that, as long as you provide a signature and a file, any application has enough information to verify it?

Thanks for help

"Dominick Baier" wrote:
The underlying key types and crypto technologies are different.

HMACs are typically used with symmetric keys (typically a 1-1 relationship between sender and receiver using a shared key).
DSIGs are typically used with asymmetric keys (a 1-n relationship: one can form a DSIG, everybody with access to the pub key can verify it).
dominick
www.leastprivilege.com

Dear all,

I am a bit confused about hashing and digitally signing data.
I have understood that by hashing a file with a keyed hash class, you are protecting the hash value from being modified because it is regenerated with a secret key exchanged between the sender and receiver. The receiver will then trust the sender about the source of the information.
Now I have checked the digital signature feature, which is doing a similar thing, except I understand that it adds one more level, which is the signature which wraps the encrypted data and the hash.
I have read that a signature also proves that data has been generated and issued by a trusted sender... Similar to a keyed hash, then.
What are the benefits of signing, then, if keyed hashing gets the same result?
Thanks for help
regards
serge
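
An added illustration of the distinction discussed in this thread (not code from any of the posters): a keyed hash is checked with the same secret that created it, while an RSA signature is checked with a public key that cannot create one. It assumes a .NET 6 or later console app, uses SHA-256 in place of the SHA-1 shown in the thread, and assumes the public key reached the verifier authentically, which is the job the reply assigns to certificates; the class name and sample data are constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class HmacVsSignature
{
    static void Main()
    {
        byte[] data = Encoding.UTF8.GetBytes("constructed sample file contents");

        // Keyed hash (HMAC): one secret shared by sender and receiver (1-1).
        byte[] sharedKey = RandomNumberGenerator.GetBytes(32);
        byte[] tag;
        using (var senderMac = new HMACSHA256(sharedKey))
            tag = senderMac.ComputeHash(data);

        // The receiver verifies by recomputing the tag with the same key, so
        // the receiver holds everything needed to produce a valid tag too.
        bool macOk;
        using (var receiverMac = new HMACSHA256(sharedKey))
            macOk = CryptographicOperations.FixedTimeEquals(receiverMac.ComputeHash(data), tag);

        // Digital signature: the private key signs, the public key verifies (1-n).
        byte[] signature;
        RSAParameters publicOnly;
        using (RSA signer = RSA.Create(2048))
        {
            signature = signer.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            publicOnly = signer.ExportParameters(false); // false = omit private fields
        }

        using (RSA verifier = RSA.Create())
        {
            verifier.ImportParameters(publicOnly);
            bool sigOk = verifier.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            byte[] tampered = (byte[])data.Clone();
            tampered[0] ^= 0x01; // flip one bit of the signed content
            bool tamperedOk = verifier.VerifyData(tampered, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // With only the public half imported there is no private key to sign with.
            bool verifierCanSign = true;
            try { verifier.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); }
            catch (CryptographicException) { verifierCanSign = false; }
            Console.WriteLine($"HMAC verified: {macOk}; signature verified: {sigOk}");
            Console.WriteLine($"tampered data verified: {tamperedOk}; verifier can sign: {verifierCanSign}");
        }
    }
}
```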

