Introduction to the concept of electronic signatures
The paradigm of electronic signatures (also called digital signatures) is a process that makes it possible to guarantee the sender's authenticity (authentication function) and verify the integrity of the received message.
Electronic signatures also feature a non-repudiation function, that is, they make it possible to ensure the sender really sent the message (in other words, they keep the sender from denying he sent the message).
What is a hash function?
A hash function is a function that makes it possible to obtain a hash (also called a message digest) of a text, that is, a fairly short series of characters representing the text it hashes. The hash function must be such that it associates just one hash with a plaintext (this means the slightest modification to the document will cause its hash to be modified). Moreover, it must be a one-way function so the original message cannot be retraced from the hash. If there is a way to find the plaintext from the hash, the hash function is said to have a "trapdoor".
As such, the hash can be said to represent the document's fingerprint.
The most widely used hash algorithms are:
- MD5 (MD meaning Message Digest). Developed by Rivest in 1991, MD5 creates a 128-bit fingerprint from a text of arbitrary size by processing it in 512-bit blocks. It is common to see documents downloaded from the Internet accompanied by an MD5 file: this is the document's hash, which makes it possible to verify the document's integrity.
- SHA (for Secure Hash Algorithm) creates fingerprints that are 160 bits long.
SHA-1 is an improved version of SHA dating from 1994 and producing a 160-bit fingerprint from a message with a maximum length of 2^64 bits by processing it in 512-bit blocks.
By sending a message along with its hash, it is possible to guarantee a message's integrity, that is, the recipient can make sure the message was not altered (intentionally or by chance) during the communication.
When receiving the message, the recipient simply has to calculate the received message's hash and compare it with the hash accompanying the document. If the message (or the hash) was falsified during the communication, the two fingerprints will not match.
Using a hash function makes it possible to verify that the fingerprint corresponds to the received message, but nothing proves the message was actually sent by the person claiming to be the sender.
To guarantee the message's authenticity, the sender simply has to encrypt (we generally say sign) the hash using his private key (the signed hash is called a seal) and send the seal to the recipient.
When receiving the message, the recipient simply has to decrypt the seal with the sender's public key, then compare the hash recovered from the seal with the hash he computes from the received message using the hash function. This seal creation function is called sealing.
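The sealing and verification steps above, as an added example that is not part of the original page: it shows that a bare hash can be recomputed by anyone who alters the message, while the seal cannot be recomputed without the private key. Assumptions: SHA-256 is used instead of MD5 or SHA-1 because both have known collision attacks, the RSA operation is the unpadded textbook form to mirror the description above (real signature schemes add padding such as RSASSA-PSS), and the key, messages and function names are constructed for the demonstration.

```python
import hashlib

# Constructed demo key (assumption): two publicly known Mersenne primes,
# so this key is NOT secret and must never be used outside this example.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                    # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent d (Python 3.8+)


def digest(message: bytes) -> int:
    """SHA-256 fingerprint of the message as an integer (256 bits, so < N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def seal(message: bytes) -> int:
    """Sender: sign the hash with the private key; the result is the seal."""
    return pow(digest(message), D, N)


def verify_seal(message: bytes, seal_value: int) -> bool:
    """Recipient: open the seal with the public key and compare it with
    the hash computed locally from the received message."""
    return pow(seal_value, E, N) == digest(message)


def hash_only_check(message: bytes, attached_hash: int) -> bool:
    """Integrity check with a bare hash: no key is involved."""
    return digest(message) == attached_hash


# Constructed sample messages.
ORIGINAL = b"Pay 100 EUR to Alice"
ALTERED = b"Pay 900 EUR to Mallory"

if __name__ == "__main__":
    s = seal(ORIGINAL)
    print("genuine message, seal valid:", verify_seal(ORIGINAL, s))
    # A bare hash can be recomputed for the altered text, so the check passes.
    print("altered text + recomputed hash:",
          hash_only_check(ALTERED, digest(ALTERED)))
    # The seal cannot be recomputed without D, so the altered text is rejected.
    print("altered text + original seal:", verify_seal(ALTERED, s))
```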