Differences between current version and predecessor to the previous major change of Signature.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
Newer page: | version 2 | Last edited on Thursday, May 26, 2005 11:31:46 pm | by AristotlePagaltzis | |
Older page: | version 1 | Last edited on Sunday, March 14, 2004 6:14:57 am | by StuartYeates | Revert |
@@ -1 +1,7 @@
-In PublicKeyEncryption, a [Signature] is a [
CryptographicHash]
of a message which is
signed with the
PrivateKey and appended to the message. This allows any holders
of the PublicKey to
verify that the signature
was created by a holder of the private key. The exact meaning of the signature depends on
the system (
and often what is being
signed)
, for example signing someone else's PublicKey after
a KeySigningParty is quite different
to signing an
[Email
] to a friend
.
+In PublicKeyEncryption, a [Signature] is a CryptographicHash of the
signed message, encrypted
with signing party's
PrivateKey and appended to the message. Holders
of the PublicKey can
verify that the message
was created by a holder of the PrivateKey by decrypting
the hash
and comparing it with their own hash of the received message.
+
+Things such as [Email] or [Software] are generally
signed to prevent tampering with them in transit
, but the concept can also be used
for other purposes. [SigningAKey], f.ex at
a KeySigningParty, conveys trust from the signging party
to the signed key.
+
+Software packages sometimes come with a
[Signature
] to allow independent verification that the software has not been tampered during transit, such as when
a download mirror is corrupted. Several LinuxDistribution~s have [Signature] support integrated into their PackageManagement. Signed OpenSource software generally comes with an [OpenPGP]-based [Signature], ClosedSource is generally signed with a [X509] certificate.
+
+More developers should sign their releases (much like more people should sign their [Email]). See also [The Software Signature Page | http://aharp.ittns.northwestern.edu/software-sig.html]
.