Questions tagged [signature]

Algorithms and protocols for creating signatures on documents and verifying such signatures. These are normally asymmetric; for symmetric signatures see [mac].

1531 questions

251 votes, 2 answers

What are the differences between a digital signature, a MAC and a hash?

A message may be accompanied with a digital signature, a MAC or a message hash, as a proof of some kind. Which assurances does each primitive provide to the recipient? What kind of keys are needed?
Flimm

154 votes, 7 answers

Should we sign-then-encrypt, or encrypt-then-sign?

Frequently, we want to send messages that are (a) encrypted, so passive attackers can't discover the plaintext of the message, and (b) signed with a private-key digital signature, so active attackers can't make Alice think that a message came from…
David Cary

98 votes, 3 answers

How does RSA signature verification work?

I understand how the RSA algorithm works for encryption and decryption purposes but I don't get how signing is done. Here's what I (think) I know and is common practice: If I have a message that I want to sign, I don't sign the message itself but I…
Krumelur

62 votes, 4 answers

Why hash the message before signing it with RSA?

The diagram below illustrates the process of digitally signing a message with RSA: As the diagram shows, the message is first hashed, and the signature is then computed on the hash, rather than on the full message. Why hash the data before signing it?…
evening

59 votes, 2 answers

Is the software that uses PGP broken, or is it PGP itself?

PGP is all over the news (even on TV) and there seems to be a lot of confusion about it. For the time being, people face articles like Attention PGP users: new vulnerabilities require you to take action now which tell readers to deactivate their PGP…
Mike Edward Moras

53 votes, 2 answers

Signatures: RSA compared to ECDSA

I'm signing very small messages using RSA, and the signature and public key are added to every message, which requires a lot of space compared to the actual content. I'm considering switching to ECDSA, would this require less space with the same…
Maestro

42 votes, 12 answers

Is it possible to create a "digital seal" to tell if a document has been opened?

So, in real life we have a handful of ways to leave a physical mark on a packet to know if it has been opened without authorization (e.g. you can use 'opened' security tapes, or you can put a signature or stamp right through the envelope opening). One…

37 votes, 4 answers

Can ECDSA signatures be safely made "deterministic"?

Using the terminology of the ECDSA Wikipedia page, ECDSA (and DSA) signatures require a random k value for each signature which ensures that the signature is different each time even if the message and key are the same. For some applications, a…
ByteCoin

34 votes, 5 answers

Is it bad to expose the public key?

I am studying about blockchain and have been focusing on encryption protocols that allow authentication. The digital signature of public and private key seems solid, I have focused on the algorithm ED25519. But in some places, some people say about…
Victor França

32 votes, 2 answers

Using the same RSA keypair to sign and encrypt

The RSA signature operation is basically the same as encrypting with the private key. In particular, both operations use the same kind of keys. Is it safe to use the same RSA keypair both for encryption / decryption and for signing / verification?
Lay András

28 votes, 3 answers

What is the length of an RSA signature?

Is it the same as the bits of the key (So a 2048 bit system will yield a 2048 bit signature)? At most as the key? Or something else entirely?
ispiro

27 votes, 2 answers

Is RSA encryption with a private key the same as signature generation?

It is often said that RSA encryption of a cryptographic hash with a private key is the same as signing (signature generation). And that verification consists of decryption using a public key. Is RSA encryption with a private key over a cryptographic…
Maarten Bodewes

25 votes, 3 answers

Are there any practical implementation of a homomorphic hashing or signature scheme?

A homomorphic hash function is a function $H : A \to B$ between two sets with some algebraic structure $(A, *)$ and $(B, \star)$ such that $H$ is collision resistant, i.e. it is hard to find $x \neq y$ such that $H(x) = H(y)$ and $H$ is a…
sashank

25 votes, 3 answers

FIPS 140-2 Compliant Algorithms

Is there any reference to check the list of encryption & signing algorithms which are compliant to FIPS 140-2. After an exhaustive search I could find only "AES". Any suggestions would be much appreciated.
Siva Arunachalam

23 votes, 2 answers

Is it possible for Alice and Bob to both sign a message "simultaneously"?

Let's say that there is a message which is considered valid if signed by both Alice and Bob. Alice could sign the message and then give it to Bob, so that he can sign it and give it back to her. But, for various reasons, Alice doesn't want Bob to…
Jehan