Steven C. Den Beste sdenbes1@san.rr.com graciously allowed me to take his newsgroup post on digital signatures and work it up into this essay.
This essay is an under-the-hood background piece on how digital signatures work. It is not a how to on what tools to use to sign and verify files.
Digital signatures allow you be confident a file or program came from the author claimed and that the file has not been tampered with. There are various schemes in widespread use: X.509 v3 certificates, Microsoft’s Authenticode ActiveX unforgeable signatures, Microsoft’s J++ cab files, PGP (Pretty Good Privacy) signing, RSA (Rivest, Shamir and Adelman), Lucent and Java’s signed Applets.
In Java, you may relax some of the usual security constraints you would place on wild Applets you randomly encounter surfing the web. For example, you might allow a trusted Applet to write to your local hard disk. Just because a program is digitally signed is no guarantee it is bug free or harmless. It is not rocket science to sign a file. See Daniel Griscom’s FAQ or Ted Landry’s FAQ on how to do it.
This essay will give you a broad overview of how digital signatures work, partly to give you some confidence in them and partly to show you why they are not 100% secure. This essay tends to get a bit too much into the details of why they are secure. I suggest you read the sections in the Java & Internet Glossary on certificates, PGP and X.509 v3 before tackling this.
A digitally signed file or message may or may not be encrypted itself. The signature is just an appendage that cannot be forged. The appendage ensures the file has itself has not been changed and that it came from who it was claimed to be from.
That is just the way mathematicians say that you must have a way to encrypt and decrypt to get precisely back to where you started. You must both be able to encrypt with a secret key and decrypt with a public one and also to encrypt with a public key and decrypt with a secret one.
It is pretty simple with modern computers to find two arbitrary and very large prime numbers. It is trivially easy to multiply them together yielding a composite number. It is grossly difficult to take the resulting huge composite number and to factor it, yielding the two original prime numbers. Thus the public key P is isomorphic to the composite number and the secret key S is isomorphic to the two primes. In fact, one of RSA’s patented ciphers is based on exactly this and it’s the one used for signature verification.
They come in various flavours and costs, depending on how much checking they do on you and what you intend to use them for e.g. signing files for Internet Explorer, Solaris, email, or posting to newsgroups. (The public key PC has to be built into the browser/whatever when you receive it; this is the point of biggest risk, but only to the degree that like any native program you have to be careful where you get it. But if I download the browser from Microsoft’s website, the risk is very low that I’m actually getting a phony version with a bogus path and key for the certification authority. It would require someone to get into the DNS (Domain Name Service) database (the database used to convert web domain names to dotted quad numerical addresses) and redirect accesses intended for Microsoft to some other website which looked enough like MS’s to fool you-- and for it never to be discovered and publicized afterwards. I consider that risk to be vanishingly small. Redirection at the DNS is conceivable [it’s happened] but I don’t believe it would not be noticed. The guy who did this is currently being prosecuted.
When an Applet is created, the vendor creates a secret key SV and a public key PV. A large checksum c (something like a 128-bit CRC (Cyclic Redundancy Check) ) gets calculated for the Applet and it is then enciphered using the secret cipher sv(c) yielding a bit stream c' which anyone can decipher using pv(c') to yield again the CRC c. This is only true if they have the ability to get the correct public key PV and know it’s right.
If you register and then deliberately distribute a harmful program, it won’t take long for someone to connect their grief with your app. Word will get back to the certifying authority who will do two things:
So how about stealthily making your harmful app look like it came from someone else? In other words, change the app, recalculate the checksum but set the ident to someone else’s. Well, that requires that you have their SV, the secret key of the vendor you’re trying to mimic. All you have to do is break his cipher. That’s all. Easy, right?
Huh-uh. lots of work and maybe not practical in any reasonable time period. When RSA originally issued the prime/composite cipher, they published a message in it and offered a prize for anyone who could crack it.
Someone eventually did — one of those swarms of hobbyists working across the net efforts. But that particular cipher only used prime numbers with less than 70 digits. The problem is a lot bigger when the primes are 130 digit or 150-digit. (Remember that the problem is not twice as big with 140 digit primes, it’s at least 10^70th times bigger.) It would be essentially impossible to use this kind of approach without word getting out and your success (assuming you succeeded) would be very fragile because the vendor you’re trying to mimic could choose a new key and recertify in a day or two. Why spend years rounding up support to crack a cipher which can be changed in 24 hours?
In fact, espionage is the only really practical solution if you’re bound to create mischief. It’s a lot easier to steal the key than to get it by brute force. And espionage is definitely not easy and again the success would be very fragile since it would be so easy to change the key.
Keep in mind that a file being signed, by itself, proves nothing (e.g. the PGP trailer you see on some newsgroup posts). Some evil person could get the original file, modify it, re-checksum it and re-sign it with a different digital signature and pass it off as the original. The recipient would be none the wiser unless he checked the digital signature against the one expected from that author. The recipient either must have requested that expected key directly from the author in some secure way, or from the certifying authority over the insecure Internet, using the certifying authority’s digital signature to prevent tampering.
recommend book⇒Digital Signatures (Advances in Information Security) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
by | Jonathan Katz | 978-1-4899-9881-1 | paperback | |||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
publisher | Springer | 978-0-387-27711-0 | hardcover | |||||||||||||||||||||||||||||||||||||||||||||||||||||
published | 2010-06-03 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
This is a theoretical academic textbook that explains the math behind various digital signing techniques. It is not about the devious ways hackers bypass the security. There are many other Jonathan Katzes. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Greyed out stores probably do not have the item in stock. Try looking for it with a bookfinder. |
recommend book⇒Web Security, Privacy and Commerce, second edition | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
by | Simson Garfinkel | 978-0-596-00045-5 | paperback | |||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
publisher | O’Reilly | 978-1-4493-0524-6 | eBook | |||||||||||||||||||||||||||||||||||||||||||||||||||||
published | 2002-01-15 | B004V9MQZS | kindle | |||||||||||||||||||||||||||||||||||||||||||||||||||||
Good for overview, not practical detail. The shark book. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Greyed out stores probably do not have the item in stock. Try looking for it with a bookfinder. |
recommend book⇒Distributed Programming with Java | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
by | Qusay Mahmoud | 978-1-884777-65-3 | paperback | |||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
publisher | Manning | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
published | 1999-09-01 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Discusses how to digitally sign messages going over sockets. Chapter 12 is available online at Manning books. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Greyed out stores probably do not have the item in stock. Try looking for it with a bookfinder. |
For email signing and encryption, the two most common schemes are PGP often used with Thunderbird and smime often used with MS Outlook.
This page is posted |
http://mindprod.com/jgloss/digitalsignatures.html | |
Optional Replicator mirror
|
J:\mindprod\jgloss\digitalsignatures.html | |
Please read the feedback from other visitors,
or send your own feedback about the site. Contact Roedy. Please feel free to link to this page without explicit permission. | ||
Canadian
Mind
Products
IP:[65.110.21.43] Your face IP:[3.12.71.166] |
| |
Feedback |
You are visitor number | |