4
votes

I have a message (m), and I want to store some data to verify its integrity after sending it in an insecure way.

I can create a digital signature (DSA / RSA).

  • S(m) = digital signature of m.

Or I can calculate a digest (hash) and cipher it.

  • H(m) = digest of m
  • C( H(m) ) = ciphered data of H(m)

In any case, when the receiver gets the message, they should verify its integrity.

Which method is more secure, S(m) or C( H(m) )?

UPDATE

Suppose Alice wants to send a message to Bob.

Using digital signature:

Alice's part:

  • Compute S(m) using her private key
  • Send m, S(m) and her public key to Bob

Bob's part:

  • Bob receives S(m), m and Alice's public key
  • Bob verifies S(m) using m and Alice's key.

Using digest:

Alice's part:

  • compute C( H(m) ) using Bob's public key
  • send C( H(m) ) and m to Bob

Bob's part:

  • decipher C( H(m) ) using his private key (d)
  • compute H(m)
  • verify integrity of m ( H(m) = d )

I saw software using the second method I posted, but I think the first one is more secure. Am I right?

UPDATE 2

In conclusion, the best way is to use the first method, sharing Alice's public key with Bob in a secure way.

The second method provides no security at all.

Thanks to @Perseids

2
Encryption provides no authentication – in fact encrypted messages are typically authenticated too. So you'll have to go with the signature. – ntoskrnl
I updated my question with more details. – AlexITC
This question appears to be off-topic because it is not about programming. Ask on crypto.stackexchange.com – Eugene Mayevski 'Callback

2 Answers

6
votes

None of them works.

Attack on the first: Eve mounts a man-in-the-middle attack and intercepts all messages sent by Alice. Instead of forwarding m she forwards n. Instead of the signature on m with Alice's private key she forwards a signature on n with her private key. Instead of Alice's public key she sends Bob her public key. Bob will never see the difference as he does not know Alice's public key beforehand.

Attack on the second: Intercept all messages from Alice (and throw them away) and create the same messages as Alice did, but with n instead of m. Don't forget to pretend to be Alice.

The root of the problem is that Bob needs to have some kind of understanding of who Alice really is. If you know nothing more of "Bill Gates" than his name then it is easy for me to impersonate him. The standard assumption for digital signatures is that Bob knows Alice's public key from a secure source or that they have exchanged it previously over a secure channel. Then Bob can check Alice's signature against the - known to be good - public key of Alice.
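Added example, not part of the original answer: a Python sketch of both methods from the question, showing on Bob's side which checks accept a substituted message and why verifying against a previously obtained key is the one that does not. It assumes toy textbook RSA without padding over small constructed primes; all function names, keys and messages are hypothetical.

```python
import hashlib

E = 65537  # public exponent

def keypair(p, q):
    """Toy textbook RSA (no padding) from two known primes: (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def H(m, n):
    # digest of m, reduced so it fits the toy modulus
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % n

def sign(m, priv):                 # S(m): needs the sender's private key
    n, d = priv
    return pow(H(m, n), d, n)

def verify(m, sig, pub):
    n, e = pub
    return pow(sig, e, n) == H(m, n)

def encrypt_digest(m, pub):        # C(H(m)): needs only the receiver's PUBLIC key
    n, e = pub
    return pow(H(m, n), e, n)

def check_digest(m, c, priv):      # Bob's side of the second method
    n, d = priv
    return pow(c, d, n) == H(m, n)

# Constructed keys (Mersenne primes, far too small for real use).
ALICE_PUB, ALICE_PRIV = keypair(2**61 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = keypair(2**107 - 1, 2**127 - 1)
EVE_PUB, EVE_PRIV = keypair(2**31 - 1, 2**521 - 1)

def bob_trusts_inband_key(m, sig, received_pub):
    return verify(m, sig, received_pub)   # key arrived with the message

def bob_uses_pinned_key(m, sig, received_pub):
    return verify(m, sig, ALICE_PUB)      # key obtained beforehand; in-band key ignored

if __name__ == "__main__":
    m, n_msg = b"pay Bob 10", b"pay Eve 1000"   # constructed messages
    forged = (n_msg, sign(n_msg, EVE_PRIV), EVE_PUB)
    print("method 1, in-band key, substituted message:", bob_trusts_inband_key(*forged))
    print("method 1, pinned key, substituted message: ", bob_uses_pinned_key(*forged))
    print("method 1, pinned key, genuine message:     ",
          bob_uses_pinned_key(m, sign(m, ALICE_PRIV), ALICE_PUB))
    print("method 2, substituted message:             ",
          check_digest(n_msg, encrypt_digest(n_msg, BOB_PUB), BOB_PRIV))
```

The second method passes for any message because producing C( H(m) ) requires no secret; only the pinned-key check ties acceptance to Alice's private key.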

0
votes

In the context of digital signatures, a “message” is usually a hash value — that is, a digest of some document (“message” in the regular sense). So, when you “sign a document” in the proper way, you are applying a one-way transform defined by the signature algorithm to the digest of that document — not to the whole document.

You may, of course, invent some other means of message authentication, based on symmetric or asymmetric cryptography, or on both of them at once. But then you will definitely be reinventing the wheel, and chances are very high that your wheel will turn out to be quadruple or so. Digital signature algorithms are specifically designed for seamless authentication within public key infrastructure. So use them appropriately.