IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Personnel Remarks
____________________________________________________________________ .........................................
2. Step: Alice encrypts this hash value with the secret signing key known
only to her. The result is Alice’s digital signature for this file.
3. Step: Alice transmits the digital signature together with the verification
key certificate and the file to Bob.
4. Step: Bob verifies the certificate (for example with the public key of a
certification authority).
5. Step: Bob calculates the hash value of the file he has received.
6. Step: Bob decrypts the digital signature with the aid of the public
verification key contained in the verification key certificate.
7. Step: Bob compares the hash value calculated in step 4 and the
decrypted signature. If they are identical, the digital signature is
verified. If they are not identical, Bob cannot draw any further
conclusions.
8. Step: After the digital signature has been verified, Bob can rely on the
following results:
- If it is certain that indeed only Alice possesses the secret key,
Bob can be sure that the digital signature was generated by
Alice, who is shown in the verification key certificate.
- The file that Bob has received is identical to the file for which
Alice calculated the digital signature.
It should be emphasised that digital signatures only safeguard the objectives of
integrity and non-repudiation, but in no way confidentiality. A digitally signed
message is transmitted as plain text; if it is confidential, it must be encrypted
in addition.
If a digitally signed file contains a declaration of intent from the signer, the
declaration of intent can be attributed indisputably to the signer, if necessary
even in a court of law, on the basis of the signature.
The verification key certificates that are used are in turn themselves files that
are digitally signed by the trustworthy body; these can be checked in the same
way, and provide information about the verification key and the person who
holds the matching secret signing key.
It is worth noting the differences between MACs and digital signatures:
- A digital signature can be verified by anyone who is in possession of the
verification key certificate, whereas MACs can only be verified by the
parties who know the secret authentication key.
- Alice’s digital signature on a message can only be created by Alice; the
MAC value of a message, on the other hand, can be generated by both
parties, Alice and Bob (and anyone else who knows the secret
authentication key). It is therefore impossible for MACs to be used for the
purpose of ensuring non-repudiation.
A law on digital signatures entered force for the Federal Republic of Germany
in the form of Article 3 of the Information and Communication Services Act
(Federal Law Gazette 1879, Part 1, 1997). This governs which security
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000