0

How can a digital signature provide proof of the authenticity (not integrity!) of a file?

Maarten Bodewes

2 Answers

2

First of all, authenticity and integrity are related, especially when it comes to cryptography. The reason is simple: if an attacker can alter the file - void the data integrity - then the file is obviously not authentic / original anymore. Note that data integrity does not disallow replacing the signed file by another file signed with the same private key.


It is required to verify that the signature and file match to provide authenticity. The verification procedure must show that the signature was created by the entity that was supposed to have signed the file. Usually asymmetric cryptography is used for this, where a key pair is generated by the signing party. The private key is kept by the signing party and the public key can be distributed to parties that need to perform verification.

The private key can be used to perform signature generation over the file. The public key can be used to verify that the file was signed by that particular private key because the public key and private key are mathematically related to each other. Generally the signature generation and verification both have to use a cryptographic hash over the file to calculate a statically sized, computationally unique value to represent the file; this unique hash is used in signature generation and verification rather than the file itself.

The verification shows that the file must have been signed using the private key that is part of the key pair. It is however of vital importance that the public key is trusted to belong to the private key of a particular party. Otherwise an adversary could simply substitute their own key pair and substitute both the public key and signature values. In other words, the signature value can only be trusted once the public key is trusted.


Note that cryptographers generally talk about message authentication. A file is just a persistently and sequentially stored message with a particular name. In cryptography a message can consist of any ordered amount of bits. We don't care how the bits are presented during signature generation / verification, as long as they are present when required.

Maarten Bodewes
1

Your paper signature is almost unique so that when you sign a paper, authorities can verify your signature from your previous signatures.

The digital signature started with public key encryption, in which everybody with knowledge of your public key $k_{pub}$ can send you an encrypted message that can only be decrypted by you. To begin with, you must generate your keys and distribute your public key through public servers, or see.

In public key cryptography, when a message is encrypted with a public key, only the owner of the related private key $k_{priv}$ can decrypt the message, with the following relation:

$$ Dec(k_{priv}, Enc(k_{pub}, m)) = m$$

So, the question is: what will happen if you encrypt the message with your private key? Everybody can use your public key to see the message. In short, this is a digital signature. Only you can encrypt with $k_{priv}$ and everybody can verify with $k_{pub}$.

$$ Sign(m) = Enc(k_{priv}, m)$$

$$ Verify(Sign(m)) = Dec_{k_{pub}}(Enc(k_{priv}, m))$$

If $Verify(Sign(m)) = m$, then the digital signature is verified.

This is, in a true sense, a textbook definition of the digital signature. As Maarten pointed out in the comment, RSA encryption is not the same as signature generation. The padding schemes are different, see PKCS#1.


"How forgery is not possible" so that one can digitally sign a message to forge your signature. If we assume that the underlying mathematical problems are hard and your $k_{priv}$ is secured by you, then a forgery is possible if an attacker either finds a weakness in the protocol or in the mathematical problem, or steals your key.

If you stick to standards such as RSA-PSS, ECDSA, DSS and follow the recommendations, you will be safe.

And see Maarten's answer for the other nice details.

kelalaka
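An added example, not written by either answerer, that ties the two answers together: textbook hash-then-sign RSA as in the second answer's definition, and the first answer's point that a valid signature only proves authenticity when the public key is already trusted. The function names, the pinned fingerprint and the toy keys built from publicly known Mersenne primes are assumptions for illustration; the scheme is unpadded, so it is not a real signature scheme such as RSA-PSS.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Return (public, private) toy RSA keys built from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest(message: bytes) -> int:
    """Fixed-size hash that represents the file in sign/verify."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(priv, message):
    n, d = priv
    return pow(digest(message), d, n)      # textbook: no padding

def verify(pub, message, signature):
    n, e = pub
    return pow(signature, e, n) == digest(message)

def fingerprint(pub):
    n, e = pub
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()

def verify_trusted(pinned_fp, pub, message, signature):
    """Accept only if the key is the one already trusted AND the signature matches."""
    return fingerprint(pub) == pinned_fp and verify(pub, message, signature)

# Constructed toy keys: the primes are public knowledge, so these give no secrecy.
M127, M521, M607 = 2**127 - 1, 2**521 - 1, 2**607 - 1
SIGNER_PUB, SIGNER_PRIV = make_key(M521, M607)
OTHER_PUB, OTHER_PRIV = make_key(M127, M521)   # key pair of some other party
PINNED = fingerprint(SIGNER_PUB)               # obtained over a trusted channel

def demo():
    original, replaced = b"release-1.0 contents", b"different contents"
    sig = sign(SIGNER_PRIV, original)
    other_sig = sign(OTHER_PRIV, replaced)
    return {
        "genuine": verify_trusted(PINNED, SIGNER_PUB, original, sig),
        "altered_file": verify(SIGNER_PUB, replaced, sig),
        "swapped_key_unpinned": verify(OTHER_PUB, replaced, other_sig),
        "swapped_key_pinned": verify_trusted(PINNED, OTHER_PUB, replaced, other_sig),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The `swapped_key_unpinned` case verifies successfully even though the file, key and signature were all replaced, which is why the check against a previously trusted key is the step that turns a valid signature into proof of authenticity.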