

Figure 10: Illustration of how Alice would send her quarterly profit statement to Bob, showing the different stages it goes through.

Alice will therefore produce a hash of the quarterly profit statement and then encrypt this with her private key to produce a digital signature. Alice will then include the digital signature with the quarterly profit statement and send this to Bob. Alice may also encrypt the quarterly profit statement and the encrypted hash with Bob’s public key so that all details of the message remain secret.

Upon receipt Bob will, if Alice sent the message encrypted with his public key, decrypt the message using his own private key. This will then reveal the encrypted digital signature. He will decrypt the digital signature using Alice’s corresponding public key to reveal the hash. Bob will then calculate a hash of the quarterly profit statement and compare this with the hash he recovered from the digital signature that he received from Alice. If the hashes are the same then both Bob and Alice can be confident that the quarterly profit statement was not altered en route by Eve.

Digital signatures do not provide us with complete confidence of the author or originator. Just because a digitally signed document claims to come from a person or a company, it doesn’t mean that it actually did: a malicious individual could masquerade as the sender by producing their own public/private key pair and using these to produce digital signatures. Imagine that a digitally signed business invoice arrives in Alice’s mailbox from Bob.
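The hash-then-sign exchange and the masquerading caveat described above, as an added example that is not part of the original page. It uses unpadded textbook RSA with constructed demo primes purely for illustration; the impostor key, the pinned fingerprint and all function names are assumptions made for this sketch.

```python
import hashlib

E = 65537  # public exponent

def keypair(p, q):
    """Textbook RSA key pair from two primes: (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, private):
    n, d = private
    return pow(digest(message), d, n)  # hash, then apply the private key

def verify(message, signature, public):
    n, e = public
    # Recover the signed hash with the public key and compare it to a fresh hash.
    return pow(signature, e, n) == digest(message)

def fingerprint(public):
    return hashlib.sha256(repr(public).encode()).hexdigest()

# Constructed demo keys built from Mersenne primes so the example is
# deterministic; never choose real primes this way.
ALICE_PUB, ALICE_PRIV = keypair(2**521 - 1, 2**607 - 1)
IMPOSTOR_PUB, IMPOSTOR_PRIV = keypair(2**1279 - 1, 2**2203 - 1)

# Assumption: Bob learned this fingerprint from Alice out of band.
PINNED_ALICE = fingerprint(ALICE_PUB)

def bob_accepts(message, signature, claimed_public):
    """Accept only a valid signature made with the key Bob already trusts."""
    return (fingerprint(claimed_public) == PINNED_ALICE
            and verify(message, signature, claimed_public))

if __name__ == "__main__":
    statement = b"Quarterly profit statement (constructed sample)"
    sig = sign(statement, ALICE_PRIV)
    print("genuine:", verify(statement, sig, ALICE_PUB))
    print("altered en route:", verify(statement + b"!", sig, ALICE_PUB))
    forged = b"Statement claiming to be from Alice (constructed sample)"
    forged_sig = sign(forged, IMPOSTOR_PRIV)
    print("valid under impostor's own key:", verify(forged, forged_sig, IMPOSTOR_PUB))
    print("accepted by Bob:", bob_accepts(forged, forged_sig, IMPOSTOR_PUB))
```

The impostor's signature is mathematically valid under the impostor's own public key, so the hash comparison alone proves integrity, not identity; Bob's decision has to rest on which public key he already trusts.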
