
Digital Signatures Transcription

Welcome to our digital signatures module. We can use asymmetric cryptography for authentication. We can use it in two different modes, confidentiality mode and authentication mode. In the top example, we are trying to keep data confidential while it's being transmitted across the internet. We obtain a copy of our recipient's public key, which can be publicly shared without any concern of losing the confidentiality of your data.

Once we obtain a copy of the recipient's public key, we can encrypt the message, or encrypt the file using the recipient's public key. Once it is encrypted, only the recipient's private key can un-encrypt the data, and only our recipient should have a copy of the private key. So once the data is transmitted to them, they can use their private key to decrypt it.

We can also use asymmetric cryptography to authenticate the identity of an individual. At the bottom, we can see that the sender has a file that they would like to send us, they generate a hash value for that file, and then they encrypt it with their private key, which only they have access to.

They can then transmit the data to us over the internet or using some other medium. And once we receive the data, we can decrypt it using the sender's public key, which is publicly available. We know that anything we can successfully decrypt using the sender's public key must have been encrypted with the sender's private key, which only they have access to.

Therefore, we can verify that the sender was the one who encrypted the data. And when we can verify that the hash value matches, we know that the data has not been tampered with. We can use digital signatures to provide non-repudiation. Non-repudiation prevents a sender from denying that they performed some activity, such as sending an email.

A digital signature is an encrypted hash, which can be generated by a sender to provide authentication of the email's origin and proof of the sender's identity. It also can provide data integrity and non-repudiation. We use a digital signature algorithm or DSA to automate this process. This process begins with a SHA-1 or SHA-2 hash created from any documents or files that are being sent, and this uses asymmetric encryption, either RSA or ECC.

And only the hash of the file is encrypted, not necessarily the data itself. So this is designed for non-repudiation, not necessarily for confidentiality. This is legally binding for most computer-based transactions. And we can sign all sorts of data like certificates, programs, and email messages. The sender is not able to deny their activity unless they can prove that someone was able to get access to their secure, private key.

Let's take a look at how this would work with a sender who wants to send a secure document. First, they would generate a hash value for the document, such as a SHA-1 hash. They would then encrypt that hash value with their private key, and send a copy of the hash along with the data and the message.

Once the recipient receives the file, they will decrypt the hash using the sender's public key, which proves that the sender had to have been the one to encrypt it. They will then generate a new hash for the file and make sure that the hash values match. When both hash values match, the recipient knows that the data has not been tampered with, and can verify that it came from the individual they believe it came from.

For the CISSP exam, you should remember that a digital signature is just an encrypted hash used to verify a sender and provide non-repudiation. This graphic depicts the process. Bob would like to send a file to Alice. He takes the file and performs a SHA-1 hash algorithm and generates a hash value or digest for the file.

He then encrypts that file's hash value with his private key, attaches the encrypted hash to the file itself and sends it to Alice. Once Alice receives the file from Bob, she will first decrypt the encrypted hash using Bob's public key. When she decrypts this with Bob's public key, she knows that Bob was the only person that could have sent her that message.

She will then perform her own independent hashing process on the file with the same algorithm to create a hash digest. When Alice sees that the hash value she generated matches the hash value that Bob sent her, she can now be comfortable knowing that the file has not been tampered with.

We can also use digital signatures for code signing and validation. A digital signature can be attached to an application's executable files, scripts, and resource files in order to ensure that they have not been tampered with. This increases the security of an application by proving that the creator of the program is verified and also proving that the code has not been modified.

You can right-click on the program and select properties and you will be able to see this information there if the program has been signed. The verification is done with public key infrastructure and a certificate revocation list. So any applications that are digitally signed or any Java applets that are digitally signed in a browser can be verified using this process.

Microsoft even digitally signs Windows drivers and a verification check is performed before drivers are permitted to be used on a system. One important concept to remember for the CISSP exam is that just because something is code signed does not mean that it is safe to execute on your computer.

It simply means that the creator has been verified and that the code has not been modified. But it does not mean that the code is safe.

We can also use message authentication code or MAC to authenticate without a public key infrastructure. So if Alice wants to verify that a message is coming from Bob, they can both agree on some type of shared key prior to transmission. Bob can then generate a hash value for the file that he's going to send Alice, and combine it with the shared secret key, and then he can send this data to Alice, and Alice can then verify the hash value and the secret key in order to verify that the data is accurate.

We refer to this as MAC, or message authentication code, or HMAC, hash-based message authentication code. This concludes our digital signatures module. Thank you for watching.
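
The hash-then-sign exchange between Bob and Alice and the shared-key MAC described in this module, as an added example that is not part of the original transcript. It assumes a constructed textbook-RSA key (no padding) built from two known Mersenne primes so that it runs on the Python standard library alone; production signatures use a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib
import hmac

# Constructed toy key: textbook RSA (no padding) from two known Mersenne primes.
# Illustration only; real signatures use a padded scheme from a vetted library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key (N, E), shared with anyone
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by Bob

def digest_int(data: bytes) -> int:
    """SHA-256 digest of the file as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes) -> int:
    """Bob: hash the file, then transform the hash with his private key."""
    return pow(digest_int(data), D, N)

def verify(data: bytes, signature: int) -> bool:
    """Alice: recover the hash with Bob's public key, compare to her own hash."""
    return pow(signature, E, N) == digest_int(data)

def mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 tag over the file, keyed with the pre-shared secret."""
    return hmac.new(key, data, hashlib.sha256).digest()

def mac_verify(key: bytes, data: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(mac(key, data), tag)

def run_demo() -> dict:
    doc = b"Pay Alice 100 USD"             # constructed sample file
    tampered = b"Pay Alice 900 USD"        # same file, modified in transit
    sig = sign(doc)
    shared = b"constructed-shared-secret"  # agreed by Bob and Alice beforehand
    tag = mac(shared, doc)
    return {
        "sig_ok": verify(doc, sig),
        "sig_tampered": verify(tampered, sig),
        "mac_ok": mac_verify(shared, doc, tag),
        "mac_tampered": mac_verify(shared, tampered, tag),
        # Alice holds the same key, so a tag she computes herself also verifies:
        # a MAC authenticates between the two key holders, not to a third party.
        "alice_tag_verifies": mac_verify(shared, tampered, mac(shared, tampered)),
    }

if __name__ == "__main__":
    print(run_demo())
```
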
