Annotated edit history of Signature version 2, including all changes.
Rev Author # Line
2 AristotlePagaltzis 1 In PublicKeyEncryption, a [Signature] is a CryptographicHash of the signed message, encrypted with the signing party's PrivateKey and appended to the message. Holders of the PublicKey can verify that the message was created by a holder of the PrivateKey by decrypting the hash and comparing it with their own hash of the received message.
2
3 Things such as [Email] or [Software] are generally signed to prevent tampering with them in transit, but the concept can also be used for other purposes. [SigningAKey], e.g. at a KeySigningParty, conveys trust from the signing party to the signed key.
4
5 Software packages sometimes come with a [Signature] to allow independent verification that the software has not been tampered with in transit, such as when a download mirror is corrupted. Several LinuxDistribution~s have [Signature] support integrated into their PackageManagement. Signed OpenSource software generally comes with an [OpenPGP]-based [Signature], whereas ClosedSource is generally signed with an [X509] certificate.
6
7 More developers should sign their releases (much like more people should sign their [Email]). See also [The Software Signature Page | http://aharp.ittns.northwestern.edu/software-sig.html].
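
The hash-then-sign scheme from the first paragraph, as an added example that is not part of the original page: the signer hashes the message, transforms the hash with the private key and appends it; the verifier recovers the hash with the public key and compares it with their own. The key is a constructed demo key, and the names `sign`, `verify` and `digest` are chosen for this illustration.

```python
import hashlib

# Constructed demo key: two publicly known Mersenne primes, chosen only so the
# example runs offline without key generation. This is not a usable key.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)

SIG_LEN = (N.bit_length() + 7) // 8  # fixed width of the appended signature


def digest(message: bytes) -> int:
    """CryptographicHash of the message, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> bytes:
    """Append the hash, transformed with the private key, to the message.

    Textbook RSA without padding; deployed schemes such as RSASSA-PSS pad
    the hash before the private-key operation.
    """
    sig = pow(digest(message), D, N)
    return message + sig.to_bytes(SIG_LEN, "big")


def verify(signed: bytes) -> bool:
    """Recover the hash with the public key and compare it with our own."""
    if len(signed) < SIG_LEN:
        return False                 # too short to carry a signature
    message, sig = signed[:-SIG_LEN], signed[-SIG_LEN:]
    s = int.from_bytes(sig, "big")
    if s >= N:
        return False                 # not a valid value modulo N
    return pow(s, E, N) == digest(message)


if __name__ == "__main__":
    signed = sign(b"example release tarball contents")  # constructed input
    print("untouched:", verify(signed))
    print("tampered: ", verify(b"X" + signed[1:]))
```
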