Basic question on digital signature

Post by Squli » Wed Dec 21, 2016 11:07 pm

It's me again. I still have a basic question that needs your help. I learned that a digital signature is a mathematical scheme to guarantee message security. Does the Signature do a unique Sign for each transaction? Shall the data be encrypted and decrypted with the same Signature?

Post by tay00000 » Thu Dec 22, 2016 1:53 am

Signature algorithms (RSA, ECDSA, DSA) are one thing and Signature Methods (PKCS1 1.5 / OAEP) are another thing. To put it very simplistically, the algorithm is a set of mathematical formulas on how you should create a signature (maths and numbers). A method, on the other hand, exists because every algorithm may have deficiencies or require a standard way to compute the algorithm over a bunch of data. In the RSA PKCS1 1.5 view, you will generate a bunch of random bytes and insert them into a PKCS1 1.5 message block with the message or hash of the message you wish to seal with your signature, and then you have what is called a digital signature.

So yes, message signing formats like PKCS1 do include random bytes to make each signature seemingly unique. If you are worried about forgery, a reliable and secure real-time clock can be used as part of the signature scheme, where you sign the accurate timestamp (called timestamping) with or as part of your message or hash of the message you wish to sign (part or whole, whichever you want).

Whether to encrypt the message signature or not is up to you. If you deem that the signature itself needs secrecy, then why not encrypt it. There is the MAC-Then-Encrypt school of thought and the Encrypt-Then-MAC school of thought. Essentially, for the MAC-Then-Encrypt school, you generate a code to ensure integrity of the message (MAC code or digital signatures), then you encrypt them. The Encrypt-Then-MAC school is the reverse, where the MAC code or the digital signature is left in plain sight (plaintext signatures and MAC codes) so that before you waste your time decrypting a possibly tampered message, you can review the MAC code or digital signature to assert the integrity of the ciphertext before actually spending processing resources and time to do the decryption of the ciphertext.

Some proponents of the MAC-Then-Encrypt school feel that computing resources are so abundant these days, and most smart card chips and even commercial embedded MCUs come with built-in crypto accelerator hardware, that they do not mind wasting the resource on attempting to decrypt the ciphertext and then checking the MAC or signature that is encrypted. The MAC-Then-Encrypt scheme is famously used in the GnuPG/OpenPGP scheme for who knows what reasons, but for those who feel that they have computing resources to actually utilize and have a necessity to obfuscate or hide their MAC codes or digital signatures to make it harder for their attackers to forge an encrypted MAC/signature, you may use this scheme to your advantage.
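The two orderings described in the post above, as an added example that is not part of the original thread: both receivers are given a tampered message, and a counter records whether the cipher was run before the tampering was noticed. The function names, the sample message and the SHA-256 counter-mode keystream (a stand-in for a real cipher so the code needs only the standard library) are assumptions.

```python
import hashlib, hmac, os

TAG_LEN, NONCE_LEN = 32, 16
stats = {"decryptions": 0}  # how often a receiver actually ran the cipher

def _xor_stream(key, nonce, data):
    # Stand-in stream cipher (assumption): SHA-256 in counter mode.
    # Use a vetted cipher such as AES-CTR in real code.
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def _decrypt(key, nonce, data):
    stats["decryptions"] += 1
    return _xor_stream(key, nonce, data)

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def seal_etm(enc_key, mac_key, msg):
    nonce = os.urandom(NONCE_LEN)
    body = nonce + _xor_stream(enc_key, nonce, msg)
    return body + _mac(mac_key, body)  # tag over ciphertext, left in plain sight

def open_etm(enc_key, mac_key, blob):
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    too_short = len(blob) < NONCE_LEN + TAG_LEN
    if too_short or not hmac.compare_digest(tag, _mac(mac_key, body)):
        raise ValueError("tag mismatch: rejected before decryption")
    return _decrypt(enc_key, body[:NONCE_LEN], body[NONCE_LEN:])

def seal_mte(enc_key, mac_key, msg):
    nonce = os.urandom(NONCE_LEN)
    # tag over plaintext, hidden inside the ciphertext
    return nonce + _xor_stream(enc_key, nonce, msg + _mac(mac_key, msg))

def open_mte(enc_key, mac_key, blob):
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    # the receiver must decrypt before it can even see the tag
    inner = _decrypt(enc_key, blob[:NONCE_LEN], blob[NONCE_LEN:])
    msg, tag = inner[:-TAG_LEN], inner[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(mac_key, msg)):
        raise ValueError("tag mismatch: detected only after decryption")
    return msg

def flip_bit(blob, index):
    # Constructed tampering of a single byte, used to exercise both receivers.
    return blob[:index] + bytes([blob[index] ^ 1]) + blob[index + 1:]
```

Separate keys are used for encryption and for the MAC in both variants.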

Post by Squli » Thu Dec 22, 2016 4:37 am

Thank you for your thorough answer. So in your opinion, among all the algorithms, which algorithm is the securest?

Post by tay00000 » Thu Dec 22, 2016 4:41 am

It depends, but RSA 2048 and above and ECDSA 256 and above are generally used as a baseline.

Post by Squli » Thu Dec 22, 2016 5:00 am

Thanks for your help indeed. You saved my day.
