How is RSA Used for Authentication in Practice? What are RSA Digital Signatures?
RSA is usually combined with a hash function (see Question 94) to sign a message. Suppose Alice wishes to send a signed message to Bob. She applies a hash function to the message to create a message digest, which serves as a “digital fingerprint” of the message. She then encrypts the message digest with her RSA private key; this is the digital signature, which she sends to Bob along with the message itself. Bob, upon receiving the message and signature, decrypts the signature with Alice’s public key to recover the message digest. He then hashes the message with the same hash function Alice used and compares the result to the message digest decrypted from the signature. If they are exactly equal, the signature has been successfully verified and he can be confident that the message did indeed come from Alice. If they are not equal, then the message either originated elsewhere or was altered after it was signed, and he rejects the message. With the method just described, anybody read the