InfoSec Notes
Complete guide to digital signatures covering RSA and ECDSA signing, verification process, certificate chains, applications in code signing and documents, with Python implementations.
What are Digital Signatures?
A digital signature is a cryptographic mechanism that provides authentication, integrity, and non-repudiation for digital messages or documents. It is the digital equivalent of a handwritten signature but far more secure — it mathematically binds a message to the signer's identity.
Digital Signature vs Handwritten Signature
=============================================
Handwritten
- Can be forged (copied)
- Same for all documents
- Cannot detect document changes
- Disputed authenticity requires expert analysis
Digital
- Cannot be forged without private key
- Different for every document signed
- Any document change invalidates signature
- Verification is mathematical (objective)
How Digital Signatures Work
SIGNING PROCESS
==================
Document Private Key
| |
v |
[Hash Function] |
(SHA-256) |
| |
v v
Message Digest ---------> [Signing Algorithm]
(256-bit hash) (RSA-PSS/ECDSA)
|
v
Digital Signature
(attached to document)
VERIFICATION PROCESS
======================
Received Document Received Signature Public Key
| | |
v | |
[Hash Function] | |
(SHA-256) v v
| [Verification Algorithm] |
v | |
Computed Digest v |
| Extracted Digest <---------+
| |
+----------> [Compare] <-------+
|
v
VALID or INVALID
Implementation in Python
RSA vs ECDSA Signatures
| Feature | RSA-2048 | ECDSA (P-256) |
|---|---|---|
| Signature size | 256 bytes | 64 bytes |
| Public key size | 256 bytes | 64 bytes |
| Sign speed | Slower | Faster |
| Verify speed | Faster | Slower |
| Security level | 112 bits | 128 bits |
| Standard | PKCS#1, PSS | FIPS 186-4 |
| Use cases | Certificates, email | TLS, Bitcoin, mobile |
Applications of Digital Signatures
Code Signing
Code Signing Process
========================
Developer
Source Code → [Compile] → Binary
Binary → [Hash SHA-256] → Digest
Digest → [Sign with Dev Certificate] → Signature
Package: Binary + Signature + Certificate
User/OS Verification
Binary → [Hash SHA-256] → Computed Digest
Signature → [Verify with Dev's Public Key] → Original Digest
Compare: Computed == Original?
Certificate → [Verify against Trusted Root CAs]
All pass? → Software is authentic and untampered
Any fail? → "Unknown publisher" warning or block
Document Signing (PDF, DOCX)
PDF Digital Signature:
========================
Signer: Verifier:
1. Open PDF 1. Open signed PDF
2. Add signature field 2. Software extracts signature
3. Hash document content 3. Verify certificate chain
4. Sign hash with private key 4. Verify hash matches content
5. Embed signature + cert in PDF 5. Check timestamp (if present)
6. Display: ✓ Valid / ✗ InvalidCertificate Chains and Trust
Certificate Chain of Trust
==============================
Root CA Certificate (self-signed, stored in OS/browser)
│ Signs ↓
├── Intermediate CA Certificate
│ │ Signs ↓
│ ├── End-Entity Certificate (your server/person)
│ │ Contains: Public Key, Identity, Validity Period
│ │ Signed by: Intermediate CA
│ │
│ └── Another End-Entity Certificate
│
└── Another Intermediate CA
└── End-Entity Certificates
Verification walks UP the chain
End-Entity → Signed by Intermediate? ✓
Intermediate → Signed by Root? ✓
Root → Trusted by OS/Browser? ✓
All valid? → Signature is trusted
Interview Questions
- How do digital signatures provide non-repudiation?
- Only the private key holder can create a valid signature. Since the private key is assumed to be under sole control of the owner, they cannot deny signing. The certificate authority vouches for key ownership, and timestamps prove when the signature was created.
- What is the difference between encryption and signing with RSA?
- Encryption: Encrypt with public key, decrypt with private key (confidentiality). Signing: Sign with private key, verify with public key (authentication/integrity). They are mathematically inverse operations but serve different purposes.
- Why do we hash the message before signing rather than signing the entire message?
- RSA can only operate on data smaller than the modulus (e.g., 256 bytes for RSA-2048). Hashing reduces any document to a fixed size. It's also much faster to sign a 32-byte hash than a multi-gigabyte file.
- What happens when a code signing certificate expires?
- Without timestamping, signatures become invalid after certificate expiry. With RFC 3161 timestamping, the signature includes a trusted timestamp proving it was created while the certificate was valid, so the signature remains valid even after expiration.
- Explain the difference between RSA-PSS and PKCS#1 v1.5 signatures.
- PKCS#1 v1.5 is the older scheme — deterministic (same message → same signature) and has known theoretical weaknesses (Bleichenbacher-style attacks). PSS (Probabilistic Signature Scheme) includes random salt, making signatures non-deterministic and provably secure under the RSA assumption.
Summary
Digital signatures are essential for establishing trust in the digital world. They provide mathematically verifiable proof of document authenticity and integrity. When implementing digital signatures, use RSA-PSS or ECDSA with SHA-256, include timestamps for long-term validity, validate certificate chains, and protect private keys with HSMs in production environments.
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for Digital Signatures.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Information Security topic.
Search Terms
information-security, information security, information, security, cryptography, digital, signatures, digital signatures
Related Information Security Topics