HaifaSoft

Public and Private Key, Digital Signatures and HTTPS

by

Adelin Ghanayem
in

Digital signatures are an essential aspect of modern cryptography and are widely used to guarantee the integrity, authenticity, and non-repudiation of a message or a document. Although there are different algorithms to digitally sign a document, one common method is to use RSA (Rivest-Shamir-Adleman) algorithm.

Mathematical Background

Before diving into the steps, let’s understand some of the mathematical elements involved:

  1. Hash Function: A hash function takes an input (or “message”) and returns a fixed-size string, which appears random.
  2. Public Key and Private Key: In RSA, each person has a pair of keys: a public key, which is openly shared, and a private key, which is kept secret.

RSA Key Generation

  1. Select two large prime numbers, (p) and (q).
  2. Compute (N = p \times q).
  3. Calculate the totient, (\phi(N) = (p-1) \times (q-1)).
  4. Choose an integer (e) such that (1 < e < \phi(N)) and (gcd(e, \phi(N)) = 1); (e) is the public exponent.
  5. Compute (d = e^{-1} \mod \phi(N)); (d) is the private exponent.

The public key consists of (N) and (e), and the private key is (d).

Steps to Digitally Sign a Document

Programmatically

  1. Read the Document: First, you need to read the content of the document into a suitable data structure (like a byte array).
  2. Compute the Hash: Use a cryptographic hash function (e.g., SHA-256) to hash the content of the document. import hashlib document = "This is a document." document_hash = hashlib.sha256(document.encode()).hexdigest()
  3. Encrypt the Hash: Use the signer’s private key to encrypt the hash. This encrypted hash is the digital signature. from Crypto.PublicKey import RSA from Crypto.Signature import pkcs1_15 from Crypto.Hash import SHA256 # Load private key private_key = RSA.import_key(open("private.pem").read()) h = SHA256.new(document.encode()) signature = pkcs1_15.new(private_key).sign(h)
  4. Attach Signature to Document: The signature is then attached to the document. Sometimes, it is sent separately but referenced to the original document.

Mathematically

  1. Compute Hash (H):
    [
    H = \text{Hash}(\text{Document})
    ]
  2. Encrypt Hash to Generate Signature (S):
    [
    S = H^d \mod N
    ] Here (d) is the private key, and (N) is part of the public key.

Verifying a Digital Signature

  1. Detach the Signature: The recipient detaches the digital signature from the document to verify it.
  2. Compute the Hash: The recipient calculates the hash of the received document.
  3. Decrypt the Signature: The recipient uses the sender’s public key to decrypt the received signature to get the hash. Mathematically:
    [
    H’ = S^e \mod N
    ] Here, (e) and (N) make up the public key.
  4. Compare the Hash: Finally, (H’) is compared to the computed hash of the received document. If both are identical, the signature is verified.

By following these steps, you can digitally sign a document to ensure its integrity, authenticity, and non-repudiation.

the usage of public and private keys depends on the context—either for encryption/decryption or for signing/verifying signatures. Let’s break this down:

Digital Signatures

In the case of digital signatures:

  • Signing: The private key is used to encrypt the hash of a message/document, thereby generating a digital signature. This is done by the sender.Mathematically: �=��mod  �S=HdmodN
  • Verifying: The public key is used to decrypt the received digital signature to get the original hash. This is compared to a newly computed hash of the received message/document to verify its authenticity. This is done by the receiver.Mathematically: �′=��mod  �H′=SemodN

Data Encryption (e.g., HTTPS)

In the case of encrypting data for secure transmission, like in HTTPS:

  • Encrypting: The public key is used to encrypt a nonce or a symmetric key. This ensures that only the intended recipient (who holds the corresponding private key) can decrypt it. This is often done by the client.Mathematically: �=��mod  �C=MemodN
  • Decrypting: The private key is used to decrypt the received ciphertext to get back the original nonce or symmetric key. This is often done by the server.Mathematically: �=��mod  �M=CdmodN

Here �C is the ciphertext, and �M is the original message (nonce or symmetric key).

Why the Difference?

  • Authentication and Integrity: For digital signatures, the goal is to confirm the origin and integrity of the message. Hence, the private key is used to generate a signature, and the public key is used to verify it.
  • Confidentiality: For secure data transmission, the goal is to keep the data confidential. So, the public key encrypts the data, ensuring that only the owner of the private key can decrypt and access it.

Combining Both in Protocols Like HTTPS

Modern secure communication often combines both encryption for confidentiality and digital signatures for authentication and integrity. In the HTTPS protocol, for example:

  1. Asymmetric encryption (using RSA, for example) is initially used to securely exchange a symmetric key between the client and the server.
  2. This symmetric key is then used for encrypting/decrypting the actual data transferred between the client and server, using a symmetric algorithm like AES.
  3. Digital signatures can also be used to verify the integrity and origin of the messages in this secure communication pipeline.

By combining both methods, HTTPS achieves confidentiality, integrity, and authenticity.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *