Workbook on Digital Private Papers > Administrative and preservation metadata > Metadata for authenticity: hash functions and digital signatures

# Metadata for authenticity: hash functions and digital signatures

## How digital signatures work

The private key of the originator is used as input to the algorithm which transforms the data being signed (or its hash value). This transformation can only be reversed, and the data decrypted and accessed, by use of the originator’s public key, which is provided to the recipient(s) by the originator.

### Creating a digital signature with a private key

Data encryption using asymmetric keys is an expensive operation directly proportional to the size of the data being encrypted; it potentially doubles the size of the data increasing the processing power and bandwidth required to process and transfer the data. A more efficient approach is to first use a secure cryptographic hash function (such as SHA-1) which can take large objects of varying size and produce a unique fixed-size hash value or message digest. The much smaller hash value can then be encrypted with the private key of the originator to produce the digital signature.

Having calculated the message digest this can be encrypted using the private key of the originator to produce the digital signature, as shown in the diagram below:

### Verifying a digital signature created with a private key

The recipient must de-crypt the digital signature using the public key of the originator and recalculate the hash value of the corresponding digital object. If the calculated hash value does not match the result of the decrypted signature, either the object has been altered since being signed, or the signature was not generated with the corresponding private key of the originator.

### Digital signature algorithms

Just as there are a number of algorithms for creating hash values, there are also a number of digital signature algorithms. Two of the most commonly used are RSA and DSA.

**RSA** The RSA digital signature algorithm was developed by Ron Rivest, Adi Shamir and Leonard Adleman at Massachusetts Institute of Technology (MIT) in 1977. RSA can also be used to encrypt and decrypt the data being signed. RSA does not mandate the use of a particular hash function, so the security of the signature and encryption are partly dependent on the choice of hash function used to compute the signature.

**DSA** The DSA (Digital Signature Algorithm) is defined by the Digital Security Standard (DSS) and was developed by the National Institute of Standards and Technology (NIST) in 1991. The algorithm requires a SHA-1 digest to compute its digital signature. The DSA algorithm does not encrypt the data being signed, it purely produces a signature that allows the recipient to verify the authenticity and provenance of the data. DSA signatures can be created as quickly as RSA signatures, but their verification can take much longer.

### The role of trust and certification in validating public keys

The receiver must have confidence that the public key does actually belong to the originator otherwise substitution by a false public key would enable a "man in the middle attack" to compromise the data. One mechanism for asserting the validity of the relationship between the originator and their public key relies on certificates. These are issued by trusted certification authorities who generate and digitally sign certificates binding entities (such as people and organisations) to their public keys. Unfortunately, mechanisms enabling us to trust the signature of the trusted authority on the certificate are also needed; this creates what is known as a ‘chain of trust’, which can become complex and expensive to manage.

An alternative, or complementary, approach is that of self-certification using a key and certificate management utility. One such utility is KeyTool (a Java based tool) which manages a database (keystore) which can contain cryptographic keys, X509 certificate chains and trusted certificates. Utilities of this type permit users and organisations to administer their own private/public key pairs and associated certificates for use in data integrity and authentication services using digital signatures and to self-authenticate to other users/services.

Digital repositories supplying signed objects to users may wish to establish confidence in their public key through the use of a certificate, but this will only be worthwhile if users understand its purpose.