Alice's side:
> Takes EM, decrypts it with her private key.
> Gets plaintext M
> Takes DS, decrypts it with Bob's public key
> Gets a copy of message digest, MD1
> Uses same hash algorithm to turn message into MD2
> If MD1 and MD2 match, she keeps the message. If not, it is discarded.
What did we achieve?
1. Confidientiality: M is encrypted
2. Integrity: If any part of the message is altered, the MDs will not match
3. Authentication: only Bob could have sent the message
4. Non-repudiation: Bob can't deny it later. The massage has his signature.
5. Certification: The concept of digital signatures can be extended to provide certification as well.
Certification:
A software certificate is digitally signed by the Certificate Authority.
CA's: Certisign, Verisign, IBM, ATT, Microsoft
Creating a certificate:
> Take server info
> Hash it to get MD
> Encrypt with private key of CA
> EMD
> EMD and server info together make the X.509 Certificate
This process is done at the CA side.
The certificate is provided to the webserver.
Verification of server info byh client:
> Hash server info, get MD
> Decrypt MD with CA's public key
> Check if MD1 and MD2 match.
> If yes, server is authorized.
This is done client side.
Browser has a copy of all valid CA's public keys.
Index