Difference between revisions of "Digital Signature"

From SEGGER Wiki
Jump to: navigation, search
(Created page with "A digital signature is the result of a mathematical computation. It is similar to a hash value such as MD5, but there is one important difference: A digital signature relies o...")
 
m
Line 1: Line 1:
 
A digital signature is the result of a mathematical computation. It is similar to a hash value such as MD5, but there is one important difference:
 
A digital signature is the result of a mathematical computation. It is similar to a hash value such as MD5, but there is one important difference:
A digital signature relies on a private/public key scheme, so one key (typically the private key) is used to generate the signature,
+
a digital signature relies on a private/public key scheme. Thus one key (typically the private key) is used to generate the signature, and
the other one is used to verify it, whereas a hash is a simple mathematical function result, where the same function is used for both generation
+
the other one is used to verify it, unlike a hash which is a simple mathematical function result, where the same function is used for both generation
as well as verification.
+
and verification.
  +
This is a very important difference. A digital signature verification scheme, so algorithm and public key, can be open, well known.
 
  +
This is a very important difference. With a digital signature verification scheme, both the algorithm and public key can be open, well known.
 
This still does not allow a potential attacker to create a signature for a modified document.
 
This still does not allow a potential attacker to create a signature for a modified document.
   

Revision as of 19:56, 22 May 2019

A digital signature is the result of a mathematical computation. It is similar to a hash value such as MD5, but there is one important difference: a digital signature relies on a private/public key scheme. Thus one key (typically the private key) is used to generate the signature, and the other one is used to verify it, unlike a hash which is a simple mathematical function result, where the same function is used for both generation and verification.

This is a very important difference. With a digital signature verification scheme, both the algorithm and public key can be open, well known. This still does not allow a potential attacker to create a signature for a modified document.

Applications There are various applications for digital signatures in Embedded Systems and other places. One simple example is Signature of a document: Alice can make her public key known to the world, and anybody can now verify that a document that claims to be signed by Alice actually is. The only thing they have to assure is that they have the proper public key (used for verification). SEGGER supplies a free tool based on emSecure for exactly this purpose: [Sign&Verify,https://www.segger.com/products/security-iot/emsecure/tools/signverify/].

In Embedded Systems, Digital Signatures can be used for various purposes, such as

  • Firmware updates - Authenticate the source of the firmware update
  • Copy (clone) protection - Using the unique ID of a chip in the system, every device stores a signature which depends on this unique ID. When copied (cloned), the signature does not match, which the firmware can now use to refuse to function.


Algorithms used

  • RSA
  • Elliptic curves

Software libraries One software library that allows generation of keys as well as signature and verification of signatures in any system including Embedded Systems is SEGGER's emSecure.