Keyed hash vs Digital signature ????

Dear all,

I am a bit confused about hashing and digitally signing data. I have understood that by hashing a file with a keyed hash class, you are protecting the hash value from being modified because it is regenerated with a secret key exchanged between the sender and receiver. The receiver will then trust the sender about the source of the information.

Now I have checked the digital signature feature, which is doing a similar thing, except I understand that it adds one more level, which is the signature, which wraps the encrypted data and the hash. I have read that a signature also proves that data has been generated and issued by a trusted sender... Similar to a keyed hash then.

What are the benefits of signing, then, if keyed hashing gets the same result?

Thanks for help
regards
serge

The underlying key types and crypto technologies are different.

HMACs are typically used with symmetric keys (typically a 1-1 relationship between sender and receiver using a shared key).
DSIGs are typically used with asymmetric keys (a 1-n relationship, one can form a DSIG, everybody with access to the pub key can verify it).

dominick
www.leastprivilege.com

Thanks for the clarification.

In which form can everybody access the public key in that case, then? If you want everybody to be able to verify a file signature, everybody should know how it has been built, no? For example, if I sign a file this way:

    Dim signer As RSACryptoServiceProvider = New RSACryptoServiceProvider()
    Dim signature As Byte() = signer.SignData(Data, New SHA1CryptoServiceProvider())

Then to verify the signature I need to use

    signer.VerifyData(Data, New SHA1CryptoServiceProvider(), signature)

or can it be so that as long as you provide a signature and a file, any application has enough information to verify it?

Thanks for help

For DSIGs you usually use certificates. They add authentication to public keys. Otherwise it is not possible to verify that you are really using the right public key (besides you received the pub key using an out of band method like on a CD, verbal or a fax etc).

Certs can be made available in various ways - e.g. you can embed them in the signature, make them downloadable and so forth.

Have a look at the System.Security.Cryptography.X509Certificates and Pkcs namespace - here's also a sample app that does signing/encryption using certs: http://www.leastprivilege.com/CrypterPKRTMVersion.aspx

dominick

What I have heard and read about certificates is that they require maintenance, and might also need PKI...

How is it then in real life: are companies requiring signing all directed to certificates and CAs like Verisign?

You can also have an internal CA - Windows Server 2003 e.g. includes one.

dominick
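
The difference discussed in this thread, as an added example (not code from the thread or from the sample app linked above): the keyed hash is created and checked with one shared secret, while the signature is checked by a separate object that holds only the exported public key. It assumes .NET Framework 4.6 or later (or .NET Core) for the HashAlgorithmName overloads; the message bytes are constructed sample data and all names are illustrative.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module KeyedHashVersusSignature
    ' Compare two tags without stopping at the first differing byte.
    Function SameBytes(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function
    Sub Main()
        ' Constructed sample data: an original message and a modified copy.
        Dim data As Byte() = Encoding.UTF8.GetBytes("constructed sample message")
        Dim tampered As Byte() = Encoding.UTF8.GetBytes("constructed sample messagE")

        ' Keyed hash (1-1): the same secret creates and checks the tag, so the
        ' receiver could have produced any valid tag itself.
        Dim sharedKey(31) As Byte
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(sharedKey)
        End Using
        Dim tag As Byte()
        Using senderMac As New HMACSHA256(sharedKey)
            tag = senderMac.ComputeHash(data)
        End Using
        Using receiverMac As New HMACSHA256(sharedKey)
            Console.WriteLine("HMAC, original: " & SameBytes(tag, receiverMac.ComputeHash(data)))
            Console.WriteLine("HMAC, tampered: " & SameBytes(tag, receiverMac.ComputeHash(tampered)))
        End Using

        ' Digital signature (1-n): only the signer holds the private key.
        Using signer As New RSACryptoServiceProvider(2048)
            Dim signature As Byte() = signer.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            ' False = export the public half only; this is the part that gets published.
            Dim publicKey As RSAParameters = signer.ExportParameters(False)
            ' The verifier is a separate object that never sees the private key.
            Using verifier As New RSACryptoServiceProvider()
                verifier.ImportParameters(publicKey)
                Console.WriteLine("Verifier is public-only: " & verifier.PublicOnly)
                Console.WriteLine("Signature, original: " & verifier.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
                Console.WriteLine("Signature, tampered: " & verifier.VerifyData(tampered, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            End Using
        End Using
    End Sub
End Module
```

A verifier therefore needs the file, the signature, the signer's public key and the hash algorithm that was used; a certificate is the usual way to deliver that public key together with proof of whose it is.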