A digital guarantee that information has not been modified, as if it were protected by a tamper-proof seal that is broken if the content were altered. The two major applications of digital signatures are for setting up a secure connection to a Web site and verifying the integrity of files transmitted (more below).
An Encrypted Digest
The digital signature is an encrypted digest of the file (message, document, driver, program) being signed. The digest is computed from the contents of the file by a one-way hash function such as MD5 or SHA-1 (see MD5 and SHA-1) and then encrypted with the private part of a public/private key pair (see RSA). To prove that the file was not tampered with, the recipient uses the public key to decrypt the signature back into the original digest, recomputes a new digest from the transmitted file and compares the two to see if they match. If they do, the file has not been altered in transit by an attacker. See MD5.
An Encrypted Digest
A digital signature is an encrypted digest of a file. The digest was created with a one-way hash function from the file's contents.
Signed Certificates
The first major application for digital signatures is digital certificates. "Signed" digital certificates are used to verify the identity of an organization or individual. They are widely used to authenticate a Web site in order to establish an encrypted connection for credit card and other confidential data (see SSL and digital certificate).
Signed Files
The second major application for digital signatures is "code signing," which verifies the integrity of executable files downloaded from a Web site. Code signing also uses signed digital certificates to verify the identity of the site (see code signing and digital certificate). Also see digital envelope and electronic signature.
The Illustrations Below
The following two illustrations show how digital signatures are used for data integrity in both non-private and private exchanges. Because of the requirement of disseminating keys, the following methods are used mostly between two parties that communicate with each other on a regular basis and not by the public in general. The references to the man and woman are used to help explain the concept; however, all functions are automatically performed by the software.
Integrity, But No Privacy
The woman makes her message tamper proof by encrypting the digest into a "digital signature," which accompanies the message. At the receiving side, the man uses her public key to verify the signature. However, the message text is sent "in the clear" and could be read by an eavesdropper.
Message Integrity and Privacy
In this example, the woman signs her message and also encrypts the signature and message with the man's public key for privacy (confidentiality). When he receives the encrypted signed message, he decrypts it with his private key to expose the text he can now read along with the signature. He then verifies the signature to ensure the message was not tampered with.
An Encrypted Digest
The digital signature is an encrypted digest of the file (message, document, driver, program) being signed. The digest is computed from the contents of the file by a one-way hash function such as MD5 or SHA-1 (see MD5 and SHA-1) and then encrypted with the private part of a public/private key pair (see RSA). To prove that the file was not tampered with, the recipient uses the public key to decrypt the signature back into the original digest, recomputes a new digest from the transmitted file and compares the two to see if they match. If they do, the file has not been altered in transit by an attacker. See MD5.
An Encrypted Digest
A digital signature is an encrypted digest of a file. The digest was created with a one-way hash function from the file's contents.
Signed Certificates
The first major application for digital signatures is digital certificates. "Signed" digital certificates are used to verify the identity of an organization or individual. They are widely used to authenticate a Web site in order to establish an encrypted connection for credit card and other confidential data (see SSL and digital certificate).
Signed Files
The second major application for digital signatures is "code signing," which verifies the integrity of executable files downloaded from a Web site. Code signing also uses signed digital certificates to verify the identity of the site (see code signing and digital certificate). Also see digital envelope and electronic signature.
The Illustrations Below
The following two illustrations show how digital signatures are used for data integrity in both non-private and private exchanges. Because of the requirement of disseminating keys, the following methods are used mostly between two parties that communicate with each other on a regular basis and not by the public in general. The references to the man and woman are used to help explain the concept; however, all functions are automatically performed by the software.
Integrity, But No Privacy
The woman makes her message tamper proof by encrypting the digest into a "digital signature," which accompanies the message. At the receiving side, the man uses her public key to verify the signature. However, the message text is sent "in the clear" and could be read by an eavesdropper.
Message Integrity and Privacy
In this example, the woman signs her message and also encrypts the signature and message with the man's public key for privacy (confidentiality). When he receives the encrypted signed message, he decrypts it with his private key to expose the text he can now read along with the signature. He then verifies the signature to ensure the message was not tampered with.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2008 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- Photos: Top 10 reviews of the week
- Here are CNET Reviews' 10 favorite items from the past week, including the TiVo HD XL, Sony Cyber-shot DSC-H50, and the Dish Network's newest digital TV converter box. by CNET News.com
- Image galleries 2008-09-06
- Good news on the Dell netbook front
- Just a quick update now that I have a minute to sit down tonight. I heard from my Dell rep this afternoon that, although it's not available on the Dell K-12 education pages, the Inspiron Mini 9 is available to all education customers in quantity. Here's...
- Blog posts 2008-09-05
- Numark iDJ2 Mixing Console for iPod
- Photo gallery:Numark iDJ2When Numark unveiled the first iDJ iPod mixer in 2005, the half-baked product required two iPods, and lacked many essential features. After three years back at the drawing board, Numark's iDJ2 ($599 retail, $499 street) finally makes good on the promise of a professional iPod DJ mixer....
- Product reviews 2008-09-05
- Microsoft builds $300M cathedral to Bill Gates, hires Jerry Seinfeld as Pope
- Microsoft builds $300M cathedral to Bill Gates, hires Jerry Seinfeld as PopeThat's what I thoughtThe ad was about nothing except of course Bill. It is unclear why this ad was made.Who in the world is this "journalist"?http://en.wikipedia.org/wiki/Mitch_Ratcliffe"I see you baby ...... shakin that ass -shakin that ass."http://www.brandrepublic.com/bulletins/digital/article/548871/publicis-dialog-puns-ass-shaking-new-renault-viral/RE: Microsoft builds $300M...
- Discussion threads 2008-09-05
- What went wrong with Joost's desktop client?
- The news broke today that Joost, the company which in a lot of ways was on the forefront of rich media, is canning its signature desktop client in favor of a purely web based portal. As a big proponent of desktop applications in general, and especially these hybrid applications which...
- Blog posts 2008-09-05
- Mainstream media writes Windows obit
- Wow, a tough day for Windows. BusinessWeek reports that HP, the world's biggest PC company, is so troubled by Vista's 'tepid reception' and Apple's resurgence that it is developing its own operating system. Meanwhile a New York Times columnist writes on his blog that Windows is "already...
- Blog posts 2008-09-05
- The Office (2.0): No paper? No problem.
- I think I may have been the only person at this week's Office 2.0 conference using - gasp! - a pen and paper. There was no program "book" when I registered - the agenda was online only. And none of the exhibitors handed out press releases on paper - though...
- Blog posts 2008-09-05
- News to know: Windows 7; Patch preview; Office 2.0; Dell
- Here are today's notable headlines. You can get News To Know via email alert and RSS daily: Ryan Naraine: Critical WMP, MS Office bugs on Patch Tuesday swat list Dancho Danchev:Malware and spam attacks exploiting Picasa and ImageShack Mary Jo Foley:...
- Blog posts 2008-09-05
- Critical WMP, MS Office bugs on Patch Tuesday swat list
- Microsoft today announced plans to ship four security bulletins next Tuesday (September 9, 2008) to cover worm holes affecting Windows users. All four bulletins in September's Patch Tuesday will be rated "critical," Microsoft's highest severity rating. A "critical" rating is used to rate a vulnerability that can...
- Blog posts 2008-09-04
- BREAKING: Sony recalls 440,000 Vaio laptops
- BREAKING: Sony recalls 440,000 Vaio laptopsAnd yet ANOTHER reason NOT ...to buy Sony ... I used to work in the audio video field, the standard rule of thumb was, if it has a moving part, and it has the Sony name it, it WILL break. They...
- Discussion threads 2008-09-04
- Dell repair adventure, day 5, with updates
- Since our last episode, our hero has been communicating with Bob Pearson, Dell's VP of Communities & Conversations, and Bill Bivin, Dell's Community Liaison, about getting my Dell Lattitude D620 back up and running. Both Bob and Bill give every impression of trying very hard to deal not only with...
- Blog posts 2008-09-04
- TiVo HD XL (150 HD hours)
- When TiVo discontinued its high-end cable-ready high-def DVR, the TiVo Series3, it was really just making room for a new product in the line: the TiVo HD XL. The new TiVo is a near twin to the existing TiVo HD, but for three changes: it's got a much larger...
- Product reviews 2008-09-04
- MusicReader Solo Pro (exe)
- MusicReader is innovative software that makes reading music easy and convenient. The software offers solutions for all kinds of problems musicians have with paper sheet music, both individually and in orchestras and ensembles. This includes easy page turning, a convenient music library and flexible annotation making. MusicReader also anticipates on...
- Software downloads 2008-09-04
- IntelliGolf Eagle (Palm OS) (zip)
- Use this golf software to automate golf scoring, wagering, and shot tracking on the course with your Palm OS-based handheld or smartphone. View shot distances with GPS accuracy using industry-leading GPS receivers and smartphones. Upload results to the included Windows desktop software to approximate your handicap, view performance charts, and...
- Software downloads 2008-09-04
- IntelliGolf Eagle (Windows Mobile) (zip)
- Use this golf software to automate golf scoring, wagering, and shot tracking on the course with your Windows Mobile-based Smartphone Standard or Professional edition. View shot distances with GPS accuracy using industry-leading GPS receivers and smartphones. Upload results to the included Windows desktop software to approximate your handicap, view performance...
- Software downloads 2008-09-04
- TetriCrisis 100% (exe)
- Play free Tetris with amazing graphics, sound, and music on your Windows based computer. Game features: Beautiful full color and high resolution visual graphics, awesome digital sound effects, amazing digitally orchestrated soundtrack featuring over 40+ minutes of CD quality music, Perfect control and amazingly accurate gameplay, 7 different and exciting...
- Software downloads 2008-09-04
- MOTU Digital Performer (zip)
- Digital Performer is an integrated digital audio and MIDI sequencing production system. It provides a comprehensive environment for editing, arranging, mixing, processing, and mastering multitrack audio projects for a wide variety of applications. Digital Performer allows you to simultaneously record and playback multiple tracks of digital audio and MIDI data...
- Software downloads 2008-09-04
- Sony Vaio JS190J (silver)
- Finally, a Windows-based all-in-one earns our admiration. We've seen new all-in-one PCs from Hewlett-Packard and Averatec this year, and Apple also refreshed its popular iMac. None of them deliver as much in the way of features and performance as Sony's new, $1,499 Vaio JS190J. A full-size desktop processor helps make...
- Product reviews 2008-09-03
- TiVo's new strategy: Too little, too late?
- TiVo's new strategy: Too little, too late?There's more to it than thatI say Tivo's loss has more to do with their higher costs. At least that's why I got a DVR from my cable provider Bright House and not from Tivo.First you pay $150 for the Tivo box, then...
- Discussion threads 2008-09-03
- Canon, Epson add Wi-Fi to new multifunction printers
- Built-in wireless networking capability is slowly infiltrating the home printer market. At the end of last year, we highlighted a dirt-cheap monochrome laser, the Brother HL-2170W, and both Canon and Epson have recently announced a handful of new all-in-one inkjet printers that also feature built-in 802.11b/g Wi-Fi. These four multifunction...
- Blog posts 2008-09-03
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Marc Canter: The master of multimedia speaks
-
In this Super Techies interview, larger-than-life techie Marc Canter talks with ZDNet's Editor in Chief Dan Farber about his career as a multimedia pioneer.
- Watch the video >>
- Access the latest Intel and industry best practices
-
Designed specifically to address the concerns of senior IT managers at organizations with more than 100 employees, the Intel Premier IT Professional Program provides best practices via local and e-Seminars and a members-only Web site.
- View the Intel Premier IT Professional web-site tour >>
- BNET Industries
- Check out BNET's newest resource for managers and executives. Need to do research on your competitors? Don't have time to read every trade pub? BNET Industries is the new source for daily news, insights, and research on 11 major industries and 9,000 public companies.
-
- The technology industry from a different angle
-
- See what's hot in the auto industry
-
- Stay on top of the energy industry
