Problem solve Get help with specific problems with your technologies, process and projects.

How do digital signatures prevent duping the system?

I'm a consulting project manager so I have to admit I don't know all the intricacies needed to develope a secure environment. I've read many of the articles that say digital signitures will verify the message came from who the person says he is, and that a hash is used to determine if the message has been tampered with, but none of the articles I have seen says how that works. What is to keep somebody else from installing somebody else's certificate on their own computer and duping the system? How does a hash tell if the message has been tampered with?
A digital signature uses encryption technology to support data integrity and nonrepudiation. A digital signature provides proof that a particular person (the signatory) sent a piece of information (the signed data). Digital signatures rely on public key cryptography rather than certificates. You create a digital signature by using your private key to apply a signing encryption algorithm to the data being signed. The signing algorithm does not modify the data, but it does produce a unique value (the hash), which is the digital signature. The receiver verifies the signature by applying a verification encryption algorithm to the same data, but this time using the signatory?s public key. The generated value should match the digital signature. If the signed data have been tampered with in any way during transport, the signatures won?t match. Because only the signatory has access to the private key, the receiver is assured that the signed data did in fact come from that person and that the data have not been altered in any way.
This was last published in April 2003

Dig Deeper on Service-oriented architecture (SOA)



Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.