When we think of VPNs, often our first thought is of encryption of the user data. But adversaries or those intent on reading the data could However, an attacker could record a conversation and then replay the replies between two participants. What we need is to be able to ensure that the source of the data is genuine, and that is where digital signatures and certificates come in.
To construct a Digital Signature, public key encryption systems must be in place. The construction of the Digital Signature entails applying a hash function to the message by concatenation of the message with a known secret key and then applying a mathematical function which will produce a fixed-length output known as the digest. The digest is then encrypted with the public decryption key, which produces a signature that can be appended to the message to verify that the message is from the genuine source.
The receiver recalculates the hash function and compares the result with the signature after applying the public key. If the two match, then because only the originator could have known the hash function and the private key, the message must be genuine.
Message Digest algorithms use Hash functions to map many potential inputs to each of a large number of outputs. What is normally produced is a fixed-length field, typically a few hundred bits in length. A secret key is shared between sender and receiver and by concatenating this with a message for transfer, the digest…
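The shared-secret digest described above, and the recorded-and-replayed conversation from the opening paragraph, can be seen together in the following added example (not code from the original article). It assumes HMAC-SHA256 as the keyed digest and goes beyond the text by adding a sequence number, because a valid digest alone does not distinguish a replayed packet from a fresh one; the packet layout, names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte digest
HDR = struct.Struct(">Q")               # 8-byte big-endian sequence number (assumed layout)


def digest(key: bytes, seq: int, message: bytes) -> bytes:
    # HMAC-SHA256 is used in place of a bare hash(key || message), which is
    # open to length extension with SHA-256-style hash functions.
    return hmac.new(key, HDR.pack(seq) + message, hashlib.sha256).digest()


def seal(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender side: sequence number || message || keyed digest."""
    return HDR.pack(seq) + message + digest(key, seq, message)


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted (in-order delivery assumed)

    def open(self, packet: bytes) -> bytes:
        if len(packet) < HDR.size + TAG_LEN:
            raise ValueError("truncated")
        (seq,) = HDR.unpack_from(packet)
        message, received = packet[HDR.size:-TAG_LEN], packet[-TAG_LEN:]
        # Recompute the digest with the shared key and compare in constant time.
        if not hmac.compare_digest(received, digest(self.key, seq, message)):
            raise ValueError("digest mismatch")
        # Checked only after the digest, so a forged number cannot advance state.
        if seq <= self.last_seq:
            raise ValueError("replay")
        self.last_seq = seq
        return message

    def verdict(self, packet: bytes) -> str:
        try:
            self.open(packet)
            return "accepted"
        except ValueError as err:
            return str(err)


if __name__ == "__main__":
    key = bytes(range(32))                       # constructed sample key
    rx = Receiver(key)
    pkt = seal(key, 1, b"transfer 10 to alice")  # constructed sample message
    print(rx.verdict(pkt), rx.verdict(pkt))      # fresh copy, then the recorded copy
```
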