View Source: Signature - Waikato Linux Users Group

Edit PageHistory Diff Info LikePages

In PublicKeyEncryption, a [Signature] is a CryptographicHash of the signed message, encrypted with signing party's PrivateKey and appended to the message. Holders of the PublicKey can verify that the message was created by a holder of the PrivateKey by decrypting the hash and comparing it with their own hash of the received message.

Things such as [Email] or [Software] are generally signed to prevent tampering with them in transit, but the concept can also be used for other purposes. [SigningAKey], f.ex at a KeySigningParty, conveys trust from the signging party to the signed key.

Software packages sometimes come with a [Signature] to allow independent verification that the software has not been tampered during transit, such as when a download mirror is corrupted. Several LinuxDistribution~s have [Signature] support integrated into their PackageManagement. Signed OpenSource software generally comes with an [OpenPGP]-based [Signature], ClosedSource is generally signed with a [X509] certificate.

More developers should sign their releases (much like more people should sign their [Email]). See also [The Software Signature Page | http://aharp.ittns.northwestern.edu/software-sig.html].

2 pages link to Signature:

Last edited on Thursday, May 26, 2005 11:31:46 pm by AristotlePagaltzis

Edit PageHistory Diff Info LikePages