A Message Digest is used to guarantee data integrity. It does this by taking an arbitrary long piece of Plaintext and from it computing a fixed length bit string. It does this using a function called a hash function.

Assume that A wants to send a message to B, and A wants to ensure that no data is altered during transmission.

A creates a digest of the message.

A signs the digest using A's secret key. This way, any recipient can know that the digest came from A by using

A's public key to decrypt the message.

Bp (As (message) As (digest (message)))

When B receives the message (whether encrypted for confidentiality and authentication or not), he or she also

receives the signed digest. B can verify the authenticity of the digest by decrypting it with A's public key. B also

knows the hash function, so B can create a digest of the message.

If the message has not been altered, then the digest created by B will match the digest signed by A and delivered

to B. If the digests match, then the message has integrity.

Computing Message digest from a piece of plain text is much faster than encrypting that Plaintext with a public key algorithm, so message digest can be used to speed up digital signature algorithms

What is a digital signing?

"Digital Signing is a new technology which allows people to attach a unique personal code to an electronic document. This code can then be used by recipients of the document to verify the authenticity of the signature. In the paper and pen world, signatures are commonly used in legal and commercial transactions. However in the world of E-Commerce, a system is required which enables people to authenticate themselves electronically over a faceless electronic environment

the Internet."

Digital signature systems provide both authenticity and integrity. In short, digital signature systems provide the means for establishing trust in the electronic world, and allow the rapid advancements in information technology to be utilised to their full potential.

Digital Signatures use Digital Certificates, which are also known as Digital IDs or Digital Passports. Digital Certificates can be stored on computer disks or smartcards and are used to automatically verify the digital signatures.

What are smart cards?

Smart cards are usually the same size as credit cards and are used to store a person’s signing code, as well as their certificate (discussed below). Some smart cards also allow the signing and verification operations to be performed on the cards themselves.

What are Digital Certificates?

Digital certificates are electronic equivalents of a passport or identity card. In the electronic world an individual is identified by a particular set of numbers (their signing and verification codes), much in the same way that the same individual can also be identified by a particular photograph and physical signature. To know which verification codes belong to which people all we need do is check their digital certificates.

Certification Authorities are the organisations that issue digital certificates. Their function is to verify the identity of a particular individual and issue a certificate to that individual. Digital certificates contain as a minimum:

The individual’s identity and verification code

The Certification Authority’s identity and digital signature.

An individual’s certificate will be freely available to anyone wishing to verify a signature. Certification can be provided by either private or governmental organisations. The only requirement is that the Certification Authority is trusted by both the signatory and the recipient.

In principal any public key algorithm can be used for digital signatures. RSA is the industry standard; many security products use it. In 1991 the NIST produced the DSS. Slow to take off (as usual when the government tries to implement cryptographic standards.

Digital signatures utilise advanced mathematical algorithms to produce a representation of the document that depends on both the document itself and the person signing the document.

Digital signatures use two unique number codes, a signing code, or private key, and a verification code, or public key. Together these two codes are often referred to as key-pair.

The signing code is private to the person and should not be revealed to anyone else. If the signing code is obtained by a third party, then it may be possible to forge a person’s digital signature.

The verification code is distributed freely to anyone who wishes to check the person’s signature.

We have talked of the usefulness of Cryptography and the potential it has in the e-commerce market.

Was E-Commerce the father of Cryptography?

Cryptography has its roots as a means of communicating in secrecy during wartime. Caesar himself used it as a means of communicating using the most basic Cryptography. It is responsible for the development of the first computer. In World WAR II the Germans could send messages to the war front securely encrypting them using a machine called the Enigma. The Allies could decrypt these messages given time, however by the time they had decrypted them most were obsolete. This problem was overcome using the first modern style computer called the Calluses. This could decrypt the messages with speed and accuracy something manual decrypting could guarantee. It was this ability to intercept and understand the German communication quickly, that lead to Germanys eventual defeat. The Calluses was destroyed after the War for fear that the technology would fall into the wrong hands. It was not until the 70’s that the existence of the Calluses was acknowledged

It is this mentality that is the driving force behind the US sanction on the export of Encryption technology. The current US law states that anything above a 56 bit strong key needs a munitions licence for export. Cryptography is the Key to Network security but it is countries like the US that feel it threatens political security. The power rests with those who hold the strongest Encryption technology.