Chapter 24 – Public Key Cryptography and the RSA Cipher 397
bundled with the text.) More information about plaintext files and binary files can be found at
http://invpy.com/plainvsbinary.
Practice Exercises, Chapter 24, Set A
Practice exercises can be found at http://invpy.com/hackingpractice24A.
Digital Signatures
Digital signatures are a very large topic of their own, but we can cover a little of it here. Let’s say
Alice sent this email to Bob:
From: [email protected]
To: [email protected]
Subject: Our agreement.
Dear Bob,
I promise to buy your old broken laptop for one
million dollars.
Sincerely,
Alice
This is great news to Bob, who wants to get rid of his worthless laptop for any price. But what if
Alice later claims that she didn’t make this promise, and that the email Bob has is a forgery that
didn’t really come from her? The email just exists as some file on Bob’s computer. Bob could
have easily created this file himself.
If they had met in person, Alice and Bob could have signed a contract. The handwritten signature
is not easy to forge and provides some proof that Alice really did make this promise. But even if
Alice signed such a paper, took a photo of it with her digital camera, and sent Bob the image file,
it is still believable for Alice to say that the image was photoshopped.
The RSA cipher (and any public key cipher) not only provides encryption, but it can also provide
a way to digitally sign a file or string. Remember that RSA has a public key and a private key,
and that any string that is encrypted with one key produces ciphertext that can only be decrypted
with the other key. Normally we encrypt with the public key, so that only the owner of the private
key can decrypt this ciphertext.
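The property stated above, that text transformed with one RSA key is recovered only with the other key, shown in both directions as an added example (not code from this book). The toy primes 1009 and 1013, the 2-byte block scheme and all function names are assumptions made for the demonstration, and this is textbook RSA with no padding, so it is not secure.

```python
# Added example: textbook RSA with a tiny constructed key. No padding; not secure.
P, Q = 1009, 1013                    # constructed toy primes (assumption)
N = P * Q                            # modulus, part of both keys
PHI = (P - 1) * (Q - 1)
E = 65537                            # public exponent
D = pow(E, -1, PHI)                  # private exponent (Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)

MESSAGE = "I promise to buy your old broken laptop for one million dollars."


def encode(text):
    """Split UTF-8 bytes into 2-byte integer blocks, each smaller than N."""
    data = text.encode("utf-8")
    if len(data) % 2:
        data += b"\x00"              # pad odd-length input with one NUL byte
    return [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]


def decode(blocks):
    """Rebuild the text, or return None if the blocks are not valid output."""
    try:
        data = b"".join(b.to_bytes(2, "big") for b in blocks)
        return data.rstrip(b"\x00").decode("utf-8")
    except (OverflowError, UnicodeDecodeError):
        return None


def transform(blocks, key):
    """Apply one key: raise every block to the key's exponent modulo n."""
    exponent, n = key
    return [pow(b, exponent, n) for b in blocks]


def demo():
    blocks = encode(MESSAGE)
    with_public = transform(blocks, PUBLIC_KEY)    # the usual direction
    with_private = transform(blocks, PRIVATE_KEY)  # the reverse direction
    return {
        "public_then_private": decode(transform(with_public, PRIVATE_KEY)),
        "private_then_public": decode(transform(with_private, PUBLIC_KEY)),
        "public_then_public": decode(transform(with_public, PUBLIC_KEY)),
        "private_then_private": decode(transform(with_private, PRIVATE_KEY)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

Only the two mixed-key results give back the original message; applying the same key twice does not undo it.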
But we can also do the reverse. If Alice writes this message, and then “encrypts” it with her
private key, this will produce “ciphertext” that only Alice’s public key can decrypt. This
“ciphertext” isn’t really so secret since everyone in the world has access to Alice’s public key to