Questions tagged [digital-signature]

A digital signature (not to be confused with a digital certificate) is an electronic signature that is used to authenticate the identity of a message sender or document signer, and usually to ensure that the original message/document content is unchanged (document integrity).

895 questions
59 votes, 2 answers

Would a digital signature have prevented the CCleaner compromise?

I read today about the CCleaner hack and how code was injected into their binary. People were able to download and install the compromised software before the company had noticed. Isn't this what digital signatures are for? Would signing the binary…
user47894
19 votes, 2 answers

What exactly happens when I "validate" a digital signature?

Context: I'm filling my taxes and my country requires me to upload certain documents from my employer to verify the numbers I give to the government. These documents are "digitally signed", like so: Now, before I use these certificates, I'm…
WorldGov
13 votes, 3 answers

Can signing too much compromise a private key?

Can a collection of many messages signed with the same private key be abused to either forge signatures for some (but not all possible) messages, or even worse to reconstruct that private key with less effort than from the public key?
Tobias Kienzler
11 votes, 3 answers

What is the difference between an electronic signature and a digital signature

From Wikipedia: An electronic signature, or e-signature, is any electronic means that indicates either that a person adopts the contents of an electronic message, or more broadly that the person who claims to have written a message is the one…
Tim
10 votes, 1 answer

Is Ed25519 still secure, despite the fault attack published in 2017?

I heard that Ed25519 is a new digital signature. It has smaller public key size and generates a public key more quickly. I read an article about Ed25519 titled Practical fault attack against the Ed25519 and EdDSA signature scheme. The article…
Aymn Alaney
6 votes, 3 answers

Confidentiality with digital signatures

Recently I have been working with digital signatures. Some common reasons for applying a digital signature in communication are authenticity, integrity and non-repudiation. Do digital signatures also provide confidentiality?
Taif
6 votes, 1 answer

Is there an algorithm to generate digitally signed URL links?

Scenario: Alice prepares a URL link to Bob's web service (e.g., http://www.bob.com/sensitiveData/123?login=mallory). Alice gives the URL link to Mallory. Mallory follows the link to trigger an action in Bob's system. Alice's link is intended for…
Philipp Claßen
5 votes, 2 answers

How can I guarantee non-modification of data with signatures?

I am required to design a system where auditors can come along some time in the future, examine historic data, and be sure that the data has not changed since it was stored. I have a spec that instructs me to timestamp and sign the data when I store…
bbsimonbb
4 votes, 2 answers

Help verifying downloaded Kali image

I am following instructions as shown here Operating Windows 7, so have downloaded GPG4WIN. Next instruction: is to enter this command: $ wget -q -O - https://www.kali.org/archive-key.asc | gpg --import So, newbie here, ...am I to enter that into…
Joel
4 votes, 1 answer

Is there some OSS toolchain for disallowing execution of all unsigned binaries on linux?

Say I'm running a server with Ubuntu and an application stack and I want to lock down potential malicious access. Is there some OSS toolchain for disallowing execution of all unsigned binaries on linux? I'm imagining some toolchain that allows me…
ezekiel
4 votes, 4 answers

A "good enough" digital signature, with short key

In my application, I want to hide debug feature behind a password. I don't want the password to be easily known by issuing strings executable, so I want to rely on digital signature. We want Debbie to be able to debug the program. The main scheme…
Elazar Leibovich
3 votes, 2 answers

Advantage of group signing over single signing

As I know, signing is used to ensure integrity and authenticity of sender. What is the advantage of group digital signing over individual signing? Can anyone explain this using a scenario?
Bruce
3 votes, 3 answers

Digital signatures and truly validating what was actually agreed to

I am developing an application and part of signing up requires a user to sign a contract agreement of using the service. I have been reading around the subject for a few days, and I am fairly happy with all the techniques around digitally signing a…
GWed
3 votes, 2 answers

Why don't we use hash based digital signatures everywhere?

If it is known that existing digital signature schemes like elliptic curve crypto or RSA are vulnerable to quantum computers, why haven't we already switched to Lamport signatures or something like that? Is there something that prevents people from…
user1936752
3 votes, 2 answers

Digital signature with partial recovery

I'm having problems understanding what is meant by "digital signature with partial recovery". I found from Google that digital signature with recovery should mean that the message is recoverable from the signature? Is that right? As I understand…
hs2d