Sie sind auf Seite 1von 12

Message digest and signature

generation

Kendi Balazs

Table of Contents
About cryptography...............................................................................................................................3
Symmetric cryptography..................................................................................................................3
Asymmetric cryptography................................................................................................................3
Digital signature....................................................................................................................................4
Creating a digital signature:..............................................................................................................4
Digital certificates.................................................................................................................................5
Cryptographic hash function.................................................................................................................6
The program..........................................................................................................................................7
The code of this parts:.......................................................................................................................7
Step by step explanation:..................................................................................................................9
Bibliography........................................................................................................................................11

About cryptography
The word cryptography is coming from the greek word kryptos which means hidden secret.
It is studying and practicing the techniques for secure communication. The modern cryptography
concerns itself with the following four objectives:

Confidentiality: the information can be understood just by the person for whom it was intended.
Integrity: the information cannot be modified in storage or transit between the receiver and
sender without the alteration being detected
Non-repudiation: the sender cannot deny at a later stage the creation or transmission of the
information
Authentication: the receiver and sender can confirm each others identity and destination and
origin of the information

In cryptography, a key is a piece of information that determines the functional output of a


cryptographic algorithm or cipher. In encryption a key specifies the transformation method of a plain
text into a ciphertext (byte array), or the opposite during decryption. Keys are also used in
cryptographic algorithms, for example digital signature schemes.
There are two types of cryptography: symmetric and asymmetric.

Symmetric cryptography
Symmetric-key algorithms are algorithms that use the same key to encrypt and decrypt data.
The best know algorithm is DES (Data Encryption Standard) which was developed at IBM in 1977 and
is one of the worlds most secure encryption algorithms. The problem with symmetric keys is how to
securely get the secret keys to each end of the exchange and keep them secure after that. For this reason
and asymmetric key system is now often used that is knows as the public key infrastructure.

Asymmetric cryptography
Asymmetric cryptography is cryptography in which a pair of keys (public and private) is used to
encrypt and decrypt the information so that it arrives securely. At the beginning, a network user
receives a public and private key pair from a certificate authority. Any other user who wants to send an
encrypted message can get the intended recipient's public key from a public directory. They use this
key to encrypt the message, and they send it to the recipient. When the recipient gets the message, they
decrypt it with their private key, which no one else should have access to. In our code we will use

asymmetric cyptography.

Digital signature
Digital signature is a data with limited length attached to a message, meant to help the receiver
in identifying the sender and validates the sent message (can check if the message was falsificated). To
create a digital signature we use public key cryptography and hash function.
To create a digital signature we have to use a public key algorithm, for example RSA (RivestShamir-Adleman) or DSA (Digital Signature Algorithm), are cryptosystems used for public-key
encryption, and are widely used for securing sensitive data. Using one of this algorithms one can
generate two keys a public, and a private -, which are mathematically linked. The message is
encrypted using the public key, and decrypted using the private key. Most modern messaging programs
programs support digital signatures and certificates, making it easy to sign any outgoing data and
validate already signed incoming messages. They are also used to provide authenticity and data
integrity of transactions over the internet.

Creating a digital signature:


First step is the encryption of the desired data using a public key. Lets mark the encryption with
Ex(where X is the receiver), the decryption with Dy(where Y is the sender) , with H the hash
function known by both persons and with M the message. The data is the following:
C = Ex (M || Dy (Ex (H (M)))) where || is the union of the bit streams.
Explanation of the encryption: Dy (Ex (H (M))) is Y's digital signature attached to the M message
and Ex(.) is the public crypting procedure. Y's digital signature can not be reproduced because only
he know the decrypting procedure. Using this method this signature can't be re-used and sent to another
person and the message can't be falsificated.
Explanation of the decryption: after the receiver gets the message, he has to decrypt it, in the
following way. The following logical statement has to be true: (M' || S) = Dx(C) - M' is the message
from Y, and S the signature of Y whis is a text with some unusual bytes at the end. After this step if
the H(M') = Dx( Ey (S)) equality stands it means that the decoded message and the original are the
same, and the message wasn't compromised (M' = M).
The encryption and decryption with words:
The signer signs the document by creating a unique fingerprint of the document using a hash
function (SHA-1 or MD5 for example)
The hash code is encrypted using the signer's private key
The signer's public key infrastrucure objects are embedded in the documents
When the receiver verifies the document he compares the actual document to the digital

signature and determines if the document was changed


If the calculated fingerprint (obtained by using the private key) equals the original one, then the
document is valid and it wasn't compromised

Digital certificates
A digital certificate is an electronic document used prove the authenticity of a website. Using
this users can securely exchange information over the
internet. It is based on public key infrastructure also (PKI).
The certificate is released by a Certificate Authority (CA)
who is trusted by all the users of the system. The released
electronic certificate proves without any doubt the inhesion
between the public and private key and contains contains
data which can be used to identify the certificate holder:
Version number: the number of the acutal version
Serial number: a unique number to identify the
certificate
Information about the certification authority:
name, address, web address, etc.
Validity:
the date when it was emitted
expiration date
Information about the certificate holder: name,
address, web address, etc.
Information about the public key:
the algorithm used to encrypt the data
the public key of the holder
Attachment (optional)
As we can see the certificate is divided in two parts:
the first one contains data of the certificates
the second one contains the signature of the certification authority
Digital certificates have a huge role in keeping the surfing on the internet safe, because they
guarantee the authenticity of the server. For example when we are paying using our bank account we
have to be sure that the servers are verified and nobody will compromise the security of our account.

Here is and example, the Digital Certificate of Google.com.

Cryptographic hash function


Hashing is the transformation of a string into a usually shorter, fixed length key , which will
represent the original string. It is used mostly in in databases to retrieve items and in cryptography to
encrypt data. A cryptographic hash function is a hash function which is practically impossible to
decrypt by generating a fixed length alphanumeric string. This generated string is called hash value or
message digest. Generally this encryptions can only be decoded using Brute Force algorithms, to check
if a generated hash matches the one we are trying to decode.

For example the Java Class MessageDigest uses this hash functions to encrypt data into SHA-1 or
SHA-256.
The ideal has function has generally 3 important properties:
it is easy to generate a hash for a given database
it is very hard to calculate an alphanumeric text that has a given hash
it is very unlikely that separated messages will have the same message digest

The program
The program I wrote is a simple demonstration of digital signatures. We enter a message that we
encrypt, and after that we try to decrypt it and see if the message was compromised or not.
It has 3 important parts:
the generation of the key pairs (public and private)
the encryption of the messages
conversion of the message into MD5
singing of the MD5 hash using the private key
the decryption of the encrypted message using the public key

The code of this parts:


The generation of the key pairs:
final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
keyGen.initialize(1024);
final KeyPair pair = keyGen.generateKeyPair();

The encryption of the message:


//encoding the message using MD5 algorithm
MessageDigest md= MessageDigest.getInstance("MD5");
md.update(s.getBytes());
byte[] digest = md.digest();
StringBuffer sb = new StringBuffer();
for(byte b : digest)
sb.append(String.format("%02x", b & 0xff));
//converting the result to a string
m_md5 = new String(sb);
//reading the private key
ObjectInputStream stream = new ObjectInputStream(new FileInputStream("src/privkey.txt"));
final PrivateKey privatekey = (PrivateKey) stream.readObject();
//encryption of the MD5 using the public key

//we generate the signature and sing the message


try
{
Signature sig = Signature.getInstance("SHA1withDSA", "SUN");
sig.initSign(privatekey);
sig.update(m_md5.getBytes());
encrypted_m=sig.sign();
}
catch(Exception e)
{
System.err.println("Exception occured: "+e.toString());
}

The decryption:
//We read the public key from the txt file
ObjectInputStream stream = new ObjectInputStream(new FileInputStream("src/pubkey.txt"));
final PublicKey publickey = (PublicKey) stream.readObject();
boolean t=false;
//We try to decrypt the message
try
{
Signature sig = Signature.getInstance("SHA1withDSA", "SUN");
sig.initVerify(publickey);
sig.update(m_md5.getBytes());
t=sig.verify(encrypted_m);
}
catch(Exception e)
{
System.err.println("Decrypt exception occured: "+e.toString());
}
//we notify the user if the message was compromised or not
if(t==true)
{
textBox4.setText("Encrypted message: "+encrypted_m+"\nDecrypted message: "+m_md5+"\nThe
message was not compromised!");
}
else textBox4.setText("Decrypted message MD5: "+m_md5+"\nThe message was compromised!");

Step by step explanation:

This is how the application is looking after it was started:

Steps:
1. We enter the message we want to encrypt and click on encrypt.
2. If we want to modify the message we enter the modifications in the 2nd text box and after we hit
Modify.
3. We try to decrypt the message by clicking the Decrypt button.
For example, lets suppose that our message that we want to encrypt is Students in Poland. If
we click on Encrypt and after that on Decrypt, the result will be the following:

As we can see the message was not compromised, because we didn't modified the message.
If we would have modified the message to Students in Poland., then the following result would have
appeared:

Bibliography

http://searchsecurity.techtarget.com/definition/digital-signature

Kriptografia Babes-Bolyai University

https://en.wikipedia.org/wiki/Digital_signature

https://www.comodo.com/resources/small-business/digital-certificates-intro.php

http://searchsecurity.techtarget.com/definition/digital-certificate

https://en.wikipedia.org/wiki/Public_key_certificate

https://docs.oracle.com/