Digital Signatures And Verification


Understanding Digital Signatures

  • Array of bits that provides cryptographically strong guarantees of
    • Authenticity
    • Integrity
    • Non-Repudiation
    • of a digital message.
  • Authenticity
    • This means that the message is coming from the claimed sender.
  • Integrity
    • Means the message has not been changed by a third party during transmission
  • Non-Repudiation
    • Sender cannot deny that they produced the signature
A digital signature is produced using a private key that can be verified using the corresponding public key.
When a message is signed, usually the digital signature algorithm is not applied to the message itself. Instead the signature is applied to the message digest, which is produced using some Cryptographic Hash Function like SHA-256. Such signatures are based on the hash-and-sign-paradigm.

Difference between Digital Signatures And MACs

As we can see both Digital Signatures can provide authentication and integrity. But there are some differences:
  • Digital signatures are produced using asymmetric private keys and authenticated using public keys.
    • MACs use the same symmetric key to produce and authentication tag and it’s verification.
  • It is possible to verify a digital signature without giving away the private key of the signer. Anyone possessing the public key of the private key can verify the signature.
    • With MACs the same key must be possessed by both signer and verifier.

Overview of Digital Signature Algorithms

  • Rivest-Shamir-Adleman in 1977
  • Universal algorithm since it can both encrypt and sign messages.
  • Slowest to sign but fastest to verify (30-70 times).
  • Speed of signing and verification depends on key size.
  • Signatures are very large. For example a signature produced by a 4096 bit key will have size of 4096 bits or 512 bytes. Signatures by other algorithms are significantly smaller.
  • RSA keys are also much longer than modern algorithms.
  • Digital Signature Algorithm developed by David Kravitz for the NSA in 1991
  • Has the similar security level like RSA.
  • Latest FIPS 186-4 from 2013 allows us to use DSA with SHA-224 and SHA-256 hash functions and key lengths upto 3072 bits
  • The produced signatures are much smaller than RSA.
  • Currently being superseded by ECDSA.
  • Elliptic Curve Digital Signature Algorithm
  • Neal Koblitz and Victor Miller in 1985.
  • Variant of DSA that uses Elliptic Curve Cryptography.
  • Shorter key size for the same security levels.

Generating Elliptic Curve Keypair

  • Generate an EC keypair of the lognest length available in OpenSSL, 570 bits
    • openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:secp521r1 -out ec_keypair.pem
    • -pkeyopt ec_paramgen_curve:secp521r1 → is the NIST b-571 standard curve for Elliptic Curve Cryptography
    • To see full list of supported curves
      • openssl ecparam -list_curves
  • Once keypair has been generated we can see it’s structure
    • openssl pkey -in ec_keypair.pem -noout -text
  • Extracting public key from keypair
    • openssl pkey -in ec_keypair.pem -pubout -out ec_public_key.pem
  • Let’s inspect the structure
    • openssl pkey -in ec_public_key.pem -pubin -noout -text

Signing And Verifying From Generated EC Keypair

There are several options to do this:
  • Deprecated RSA-specific openssl rsautl subcommand
  • openssl dgst command. Usually for message digest calculation but can also be used to sign the digests.
  • openssl pkeyutl command. Can be used to sign with any signature algorithm.
  • Let’s generate a file with sample data that we have to sign
    • seq 20000 > somefile.txt
  • Let’s sign the sample file using the SHA3-512 hash function and the EC keypair we generated
    • openssl pkeyutl -sign -digest sha3-512 -inkey ec_keypair.pem -in somefile.txt -rawin -out somefile.txt.signature
  • Let’s check the filesystem
    • cksum somefile.txt*
      The output is a 139 bytes long signature written to somefile.txt.signature file.
  • Now the idea is to share the original somefile.txt file, the signature in somefile.txt.signature and our public key ec_public_key.pem . Using this public key anyone can verify the signature. Let’s verify
    • openssl pkeyutl -verify -digest sha3-512 -inkey ec_keypair.pem -in somefile.txt -rawin -sigfile somefile.txt.signature
  • Here the openssl pkeyutl when used with the -inkey option expects a key that can perform both signing and verification operations, typically a private key. However if you are trying to verify a signature with just the public key you need to use the -pubin option along with the -inkey parameter like this:
    • openssl pkeyutl -verify -digest sha3-512 -pubin -inkey ec_public_key.pem -in somefile.txt -rawin -sigfile somefile.txt.signature
  • Let’s check if the file was modified what we get
    • echo "additional data" >> somefile.txt openssl pkeyutl -verify -digest sha3-512 -inkey ec_keypair.pem -in somefile.txt -rawin -sigfile somefile.txt.signature openssl pkeyutl -verify -digest sha3-512 -pubin -inkey ec_public_key.pem -in somefile.txt -rawin -sigfile somefile.txt.signature