CEH

64 Chapter 3 ■ Cryptography

A hash function is used in both creating and verifying a digital signature. A hash function is an algorithm that creates a digital representation, or fingerprint, in the form of a hash value or hash result of a standard length (which is usually much smaller than the message but unique to it). Any change to the message invariably produces a different hash result when the same hash function is used. In the case of a secure hash function, known as a one-way hash function, it is not possible to derive the original message from the hash value.

Hashing is a one-way process commonly used to validate the integrity of information. A hash function generates a fixed-length value that is always the same length no matter how large or small the data entering the process or algorithm happens to be. Additionally, the resulting output is intended to be nonreversible or very nearly impossible to reverse. The fixed-length value generated needs to be unique for every different input that enters the process. It is due to this unique property and behavior that hashes are used to detect the changes that may happen in data of any type.

To perform verification of the message, hashing is used as part of the digital signature creation. When the message is received by the intended party or parties, the hashing process is re-created on the received message and the result is compared to the hash the original sender signed. If the two match, the message is verified as being unchanged.
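The sender/receiver exchange just described, as an added example that is not from the book: the sender hashes the message with SHA-256 and signs the digest with an ECDSA private key; the receiver re-creates the hash and checks it against the signature with the public key. The message text and the tampered copy are constructed sample data, and the helper names (Fingerprint, Sign, Verify, Demo) are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Fingerprint returns the SHA-256 hash of msg as hex. The digest is always
// 32 bytes (64 hex characters) no matter how long the input is.
func Fingerprint(msg []byte) string {
	sum := sha256.Sum256(msg)
	return hex.EncodeToString(sum[:])
}

// Sign hashes the message and signs the digest with the sender's private key.
// The signature covers the hash, not the full message.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify re-creates the hash on the receiving side and checks it against the
// signature with the sender's public key. Any change to msg changes the
// digest, so the check fails.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Demo runs the exchange on a constructed message and returns whether the
// original verifies and whether a tampered copy verifies.
func Demo() (original bool, tampered bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	msg := []byte("Transfer 100 to account 42")     // constructed sample message
	altered := []byte("Transfer 900 to account 42") // constructed tampered copy

	sig, err := Sign(priv, msg)
	if err != nil {
		return false, false, err
	}
	return Verify(&priv.PublicKey, msg, sig), Verify(&priv.PublicKey, altered, sig), nil
}

func main() {
	fmt.Println("fingerprint of \"abc\":", Fingerprint([]byte("abc")))
	ok, bad, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("original verifies:", ok, " tampered verifies:", bad)
}
```

Note that the receiver never needs the sender's original hash value; it only needs the message, the signature and the public key, because the hash is recomputed locally and the signature is what ties that hash to the sender.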

But How Do You Know Who Owns a Key?
How do you know a key belongs to a certain individual? Well, that’s where certification authorities (CAs) come into play. To bind a key pair to a specific signer, a CA will issue what is known as a digital certificate, an electronic credential that is unique to a person, computer, or service. When a party is presented with the certificate, they can view the credential, inspect the public key, and use it to verify the signature, or more accurately, anything that was performed with the corresponding private key.

A certificate’s principal function is to bind a key pair with a particular subscriber. The recipient of the certificate wants to verify that the digital signature was created by the subscriber named in the certificate; to do so, they can use the public key listed in the certificate to verify that the digital signature was created with the corresponding private key.
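The binding described above, as an added example (not the book's code): a CA issues a certificate for a subscriber's public key, and the recipient first checks that the certificate chains to a CA it trusts, then uses the public key listed in that certificate to verify the signature. The CA name "Example CA", the subscriber "alice", the message and the second key that stands in for a signer whose key is not in the certificate are all constructed for this example; the function names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue signs template with signer's key under parent and returns the parsed
// certificate. Passing parent == template produces a self-signed CA certificate.
func issue(template, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifySignedMessage models the recipient: the certificate must chain to a
// trusted root, and only then is the public key it carries used to check the
// signature over the message hash.
func VerifySignedMessage(cert *x509.Certificate, roots *x509.CertPool, msg, sig []byte) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate not trusted: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("certificate does not carry an ECDSA public key")
	}
	digest := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature does not verify with the certified public key")
	}
	return nil
}

// Result holds the outcome of the three recipient-side checks in Demo.
type Result struct {
	Genuine     error // alice's signature, CA trusted: expected nil
	UntrustedCA error // same signature, recipient trusts no CA: expected error
	WrongKey    error // signature by a key not bound by the certificate: expected error
}

// Demo builds a constructed CA, issues a certificate to "alice", and checks a
// signed message from the recipient's point of view.
func Demo() (Result, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Result{}, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	caCert, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return Result{}, err
	}

	aliceKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Result{}, err
	}
	aliceTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "alice"},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	aliceCert, err := issue(aliceTmpl, caCert, &aliceKey.PublicKey, caKey) // CA binds alice's key to her name
	if err != nil {
		return Result{}, err
	}

	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	msg := []byte("constructed message signed by alice")
	digest := sha256.Sum256(msg)
	sig, _ := ecdsa.SignASN1(rand.Reader, aliceKey, digest[:])

	otherKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // a key the certificate does not bind
	otherSig, _ := ecdsa.SignASN1(rand.Reader, otherKey, digest[:])

	return Result{
		Genuine:     VerifySignedMessage(aliceCert, roots, msg, sig),
		UntrustedCA: VerifySignedMessage(aliceCert, x509.NewCertPool(), msg, sig),
		WrongKey:    VerifySignedMessage(aliceCert, roots, msg, otherSig),
	}, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine:", r.Genuine, "\nuntrusted CA:", r.UntrustedCA, "\nwrong key:", r.WrongKey)
}
```

The order of the two checks matters: a signature that verifies under a key nobody has vouched for proves nothing about who signed, so the chain check runs first and the public key is taken from the certificate rather than from whatever the sender supplied alongside the message.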

The certificate is issued under certain conditions, and if those conditions are violated or called into question, then the certificate must be revoked. If the user were to lose control of the private key, the certificate becomes unreliable, and the CA may revoke the certificate.

A digital certificate is a cryptographically sealed object that is populated with various pieces of information. Some of the items included on the digital credential are: