Â
Understanding Digital Signatures
Â
- Array of bits that provides cryptographically strong guarantees of
- Authenticity
- Integrity
- Non-Repudiation
of a digital message.
- Authenticity
This means that the message is coming from the claimed sender.
- Integrity
Means the message has not been changed by a third party during transmission
- Non-Repudiation
Sender cannot deny that they produced the signature
Â
A digital signature is produced using a private key that can be verified using the corresponding public key.
Â
When a message is signed, usually the digital signature algorithm is not applied to the message itself. Instead the signature is applied to the message digest, which is produced using some Cryptographic Hash Function like SHA-256. Such signatures are based on the hash-and-sign-paradigm.
Â
Difference between Digital Signatures And MACs
Â
As we can see both Digital Signatures can provide authentication and integrity. But there are some differences:
Â
- Digital signatures are produced using asymmetric private keys and authenticated using public keys.
MACs use the same symmetric key to produce and authentication tag and it’s verification.
- It is possible to verify a digital signature without giving away the private key of the signer. Anyone possessing the public key of the private key can verify the signature.
With MACs the same key must be possessed by both signer and verifier.
Â
Overview of Digital Signature Algorithms
Â
RSA
Â
- Rivest-Shamir-Adleman in 1977
- Universal algorithm since it can both encrypt and sign messages.
- Slowest to sign but fastest to verify (30-70 times).
- Speed of signing and verification depends on key size.
- Signatures are very large. For example a signature produced by a 4096 bit key will have size of 4096 bits or 512 bytes. Signatures by other algorithms are significantly smaller.
- RSA keys are also much longer than modern algorithms.
Â
DSA
Â
- Digital Signature Algorithm developed by David Kravitz for the NSA in 1991
- Has the similar security level like RSA.
- Latest FIPS 186-4 from 2013 allows us to use DSA with SHA-224 and SHA-256 hash functions and key lengths upto 3072 bits
- The produced signatures are much smaller than RSA.
- Currently being superseded by ECDSA.
Â
ECDSA
Â
- Elliptic Curve Digital Signature Algorithm
- Neal Koblitz and Victor Miller in 1985.
- Variant of DSA that uses Elliptic Curve Cryptography.
- Shorter key size for the same security levels.
Â
Â
Generating Elliptic Curve Keypair
Â
- Generate an EC keypair of the lognest length available in OpenSSL, 570 bits
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:secp521r1 -out ec_keypair.pem
-pkeyopt ec_paramgen_curve:secp521r1
→ is the NIST b-571 standard curve for Elliptic Curve Cryptographyopenssl ecparam -list_curves
- Once keypair has been generated we can see it’s structure
openssl pkey -in ec_keypair.pem -noout -text
- Extracting public key from keypair
openssl pkey -in ec_keypair.pem -pubout -out ec_public_key.pem
- Let’s inspect the structure
openssl pkey -in ec_public_key.pem -pubin -noout -text
Â
Signing And Verifying From Generated EC Keypair
Â
There are several options to do this:
- Deprecated RSA-specific
openssl rsautl
subcommand
openssl dgst
command. Usually for message digest calculation but can also be used to sign the digests.
openssl pkeyutl
command. Can be used to sign with any signature algorithm.
Â
- Let’s generate a file with sample data that we have to sign
seq 20000 > somefile.txt
- Let’s sign the sample file using the SHA3-512 hash function and the EC keypair we generated
openssl pkeyutl -sign -digest sha3-512 -inkey ec_keypair.pem -in somefile.txt -rawin -out somefile.txt.signature
- Let’s check the filesystem
cksum somefile.txt*
The output is a 139 bytes long signature written to
somefile.txt.signature
file.- Now the idea is to share the original
somefile.txt
file, the signature insomefile.txt.signature
and our public keyec_public_key.pem
. Using this public key anyone can verify the signature. Let’s verify
openssl pkeyutl -verify -digest sha3-512 -inkey ec_keypair.pem -in somefile.txt -rawin -sigfile somefile.txt.signature
- Here the
openssl pkeyutl
when used with the-inkey
option expects a key that can perform both signing and verification operations, typically a private key. However if you are trying to verify a signature with just the public key you need to use the-pubin
option along with the-inkey
parameter like this:
openssl pkeyutl -verify -digest sha3-512 -pubin -inkey ec_public_key.pem -in somefile.txt -rawin -sigfile somefile.txt.signature
- Let’s check if the file was modified what we get
echo "additional data" >> somefile.txt openssl pkeyutl -verify -digest sha3-512 -inkey ec_keypair.pem -in somefile.txt -rawin -sigfile somefile.txt.signature openssl pkeyutl -verify -digest sha3-512 -pubin -inkey ec_public_key.pem -in somefile.txt -rawin -sigfile somefile.txt.signature
Â
Â