Differences between current version and predecessor to the previous major change of Signature.

Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History

Newer page: version 2 Last edited on Thursday, May 26, 2005 11:31:46 pm by AristotlePagaltzis
Older page: version 1 Last edited on Sunday, March 14, 2004 6:14:57 am by StuartYeates Revert
@@ -1 +1,7 @@
-In PublicKeyEncryption, a [Signature] is a [ CryptographicHash] of a message which is signed with the PrivateKey and appended to the message. This allows any holders of the PublicKey to verify that the signature was created by a holder of the private key. The exact meaning of the signature depends on the system ( and often what is being signed) , for example signing someone else's PublicKey after a KeySigningParty is quite different to signing an [Email ] to a friend
+In PublicKeyEncryption, a [Signature] is a CryptographicHash of the signed message, encrypted with signing party's PrivateKey and appended to the message. Holders of the PublicKey can verify that the message was created by a holder of the PrivateKey by decrypting the hash and comparing it with their own hash of the received message.  
+Things such as [Email] or [Software] are generally signed to prevent tampering with them in transit , but the concept can also be used for other purposes. [SigningAKey], f.ex at a KeySigningParty, conveys trust from the signging party to the signed key.  
+Software packages sometimes come with a [Signature ] to allow independent verification that the software has not been tampered during transit, such as when a download mirror is corrupted. Several LinuxDistribution~s have [Signature] support integrated into their PackageManagement. Signed OpenSource software generally comes with an [OpenPGP]-based [Signature], ClosedSource is generally signed with a [X509] certificate.  
+More developers should sign their releases (much like more people should sign their [Email]). See also [The Software Signature Page |]