Module 10 : Hash Function Digital Signatures

Lecture 3 : Blind & Prony Signature

 

Digital Signature Generation:-

Prior to the generation of a digital signature, a message digest shall be generated on the information to be signed using an appropriate approved hash function.

    Using the selected digital signature algorithm, the signature private key, the message digest, and any other information required by the digital signature process, a digital signature shall be generated according to the Standard.

    The signatory may optionally verify the digital signature using the signature verification process and the associated public key. This optional verification serves as a final check to detect otherwise undetected signature generation computation errors; this verification may be prudent when signing a high-value message, when multiple users are expected to verify the signature, or if the verifier will be verifying the signature at a much later time.

Digital Signature Verification and Validation:-

In order to verify a digital signature, the verifier shall obtain the public key of the claimed signatory,(usually) based on the claimed identity. A message digest shall be generated on the data whose signature is to be verified (i.e., not on the received digital signature) using the same hash function that was used during the digital signature generation process. Using the appropriate digital signature algorithm, the domain parameters (if appropriate), the public key and the newly computed message digest, the received digital signature is verified in accordance with this Standard. If the verification process fails, no inference can be made as to whether the data is correct, only that in using the specified public key and the specified signature format, the digital signature cannot be verified for that data.

Before accepting the verified digital signature as valid, the verifier shall have

  1. assurance of the signatory claimed identity,
  2. assurance of the validity of the public key, and
  3. assurance that the claimed signatory actually possessed the private key that was used to generate the digital signature at the time that the signature was generated.

 
If the verification and assurance processes are successful, the digital signature and signed data shall be considered valid. However, if a verification or assurance process fails, the digital signature should be considered invalid.