Question
I belive I understand how digital signatures work but still I do not understand how it still guaranties a message has been encrypted by a known sender (Alice).
Let's pretend Alice wants to send a message to Bob. Alice and bob met last week and Bob is waiting for a response either a yes or no. Tom is the middle hacker guy
https://stackoverflow.com/questions/17390810
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian// 1) Alice get's Bob public key
var bobPubKey = GetBobsPubKey();
// 2) Alice encrypts yes with bob's public key
var encryptedMessage = AssymetricEncryption.Encrypt("YES", bobPubKey );
// 3) Send message to bob
sendMsgToBob(encryptedMessage);
The problem with this approach is that Tom could have had intercepted the message encryptedMessage and replace that message with var newEncryptedMsg = AssymetricEncryption.Encrypt("NO!", bobPubKey ); When bob receives the message he has no clue it has been modified by Tom!
// 1) Alice get's Bob's public key
var bobPubKey = GetBobsPubKey();
// 2) Alice encrypts 'yes' with bob's public key
var encryptedMessage = AssymetricEncryption.Encrypt("YES", bobPubKey );
// 3) Alice creates a hash of the encrypted message
var hashOfEncMsg = Sha1(encryptedMessage);
// 4) Alice encryptes that hash with her priveate key
var digitalSignature = AssymetricEncryption.Encrypt(hashOfEncMsg , alicePrivKey);
// 5) Alice sends both the encryptedMsg plus the signature to Bob
var msgToSend = string.Format("someUrl.asp?encMsg={0}&digSignatrue={1}",encryptedMessage , digitalSignature );
sendBobAMsg(msgToSend ); // msg contains encryptedConted + digital Signature
here is what bob will have to do to make sure message is from alice
// 0) Bob receives encrypted msg plus digital signatrue
var msg = RecieveMsg();
var digitalSignature = GetDigSgnatureFromMsg(msg);
var encryptedMessage = GetEncyptedMsgFromMsg(msg);
// 1) Decrypt the msg
var plainText = AssymetricEncryption.Decrypt(encryptedMessage , bobPrivateKey ); // = YES
/* now cause bob also received a digital signature let's do more steps to guaranty that the message came from Alice */
// 2) get Alice public key
var alicePubKey = GetAlicePubKey();
// 2) Create the same hash that Alice created for the msg
var ciphertext = AssymetricEncryption.Encrypt(plainText , bobPubKey ); // here plainText = YES
var hashOfEncMsg = Sha1(ciphertext);
// 3) Decrypt DigitalSignature hash with Alice public key
var aliceHash = AssymetricEncryption.Decrypt(digitalSignature , alicePublicKey);
// 4) Here alice Hash must equal hashOfEncMsg
if( hashOfEncMsg != aliceHash ) { throw new exception("Message has been modified or it does not come from Alice!");
So my question is on this last step 4 where Alice hash must equal hashOfEncMsg. Why if this validation comes true Bob can guaranty that the message came from Alice?
I believe the message can still be modified by Tom and here is how: (I am probably wrong somewhere; it cant be that digital signatures are not what they claim to be).
Tom intercepts Alice msg
Tom knows the message has a digital signature so he generates a key combination where his public key will be the same as Alice's . (Tom's private key is different from Alice's though)
Tom encrypts "No" with Bob's public key
Tom creates a digital signature just like Alice did but with his private key
When bob receives the message he decrypts it fine with his private key and he sees "No"
bob then will validate the sigature to see if the message came from alice
bob encrypts "No" with his public key and computes a hash. That is = hash1
bob decrypts get's alice public key which is the same as tom's.
with that key then bob decrypts the dig signature. Decrypting that dig signature should equal hash1 ! .
Bob now thinks Alice sent a NO!
Based on the responses I received, here is the solution to the question:
Bob can guaranty that the message comes from Alice because Tom will not be able to generate a private key that is mathematically related to Alice public key. In other words step number 2 (Tom knows the message has a digital ....) will require a lot of time. So if Alice reply within a reasonable amount of time then Bob can guaranty that the message came from Alice.
Solution
Tom has to encrypt "No!" with a private key that can be decrypted with Alice's public key, he can't use his own private key.
This means Tom needs a private/public key pair, but he only knows the public key. It is computationally very difficult (effectively impossible in reasonable time) to compute the private key from a public key.
OTHER TIPS
The step 2 of Tom's course of actions will be problematic. The given public key has one -- and only one -- corresponding private key. To calculate it Tom needs to factorize a very large integer number (which is effectively a product of 2 very large prime numbers). The inability to solve that task in reasonable time is the thing which the RSA encryption is based on.
