Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys, (which may be public to widely) , and private keys, (which will be known only to the owne\r.) The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. In such a system, any person can encrypt a message using the receiver's public key, but that encrypted message can only be decrypted with the receiver's private key.
In public key encryption Although we can be quite sure the message was not understood or read by a third party (message confidentiality), but there is no guarantee the sender really is the sender; that is, there is no authentication of the sender.
This means the sender could deny ever sending the message (repudiation). And there is no assurance the message was not altered somehow in transit.
To check the integrity of a message and ensure it has not been altered in transit, a hash function is used first to create a digest of the message.
A hash function is an algorithm that produces a fixed-length number called a hash or message digest.
■ A hash function can be simple, and count the number of digital 1s in a message, or it can be more complex, and produce a 128-bit number that reflects the number of 0s and 1s, the number of 00s and 11s, and so on.
■ Standard hash functions are available (MD4 and MD5 produce 128- and 160-bit hashes) (Stein, 1998).
These more complex hash functions produce hashes or hash results that are unique to every message.
■ The results of applying the hash function are sent by the sender to the recipient.
■ Upon receipt, the recipient applies the hash function to the received message and checks to verify the same result is produced. If so, the message has not been altered.
The sender then encrypts both the hash result and the original message using the recipient’s public key , producing a single block of cipher text.
■ One more step is required.
■ To ensure the authenticity of the message and to ensure nonrepudiation, the sender encrypts the entire block of cipher text one more time using the sender’s private key.
This produces a digital signature (also called an e-signature) or “signed” cipher text that can be sent over the Internet.
■ A digital signature is a close parallel to a handwritten signature.
■ Like a handwritten signature, a digital signature is unique—only one person presumably possesses the private key.
When used with a hash function, the digital signature is even more unique than a handwritten signature.
■ In addition to being exclusive to a particular individual, when used to sign a hashed document, the digital signature is also unique to the document, and changes for every document.
The receiver of this signed cipher( message + message digest) first uses the sender’s public key to authenticate the message.
Once Authenticate, the recipient uses his or her private key to obtain the hash result (message digest) and original message.
As a final step, the recipient applies the same hash function to the original text (original message) and compares the result with the result sent by the sender.
If the results are same (Send message digest = receiver message digest) the receiver now knows the message has not been changed during transmission The message has integrity.
The message has integrity.
■ Early digital signature programs required the user to have a digital certificate, and were far too difficult for an individual to use.
■ Newer programs from several small companies are Internet-based and do not require users to install software, or understand digital certificate technology