Excerpted from InformIT.
The PKI service of integrity may employ one of two techniques. First, a digital signature, while it serves the purpose of providing authenticity (that is, entity authentication), simultaneously provides integrity over the signed data. This is a consequence of a necessary property of cryptographic hash algorithms and signature algorithms; any change in the input data leads to a large, unpredictable change in the output with very high probability. In other words, if the data has changed (either by accident, or by deliberate manipulation) between "there" and "here" or between "then" and "now," the signature will fail to verify, and the loss of integrity will be obvious to the recipient. If, on the other hand, the signature verifies, the recipient is very likely to be in possession of the original (that is, unaltered) data.
The second technique that can be employed for integrity is a Message Authentication Code, or MAC. This technique typically uses a symmetric block cipher (for example, DES-CBC-MAC [FIPS113]) or a cryptographic hash function (for example, HMAC-SHA-1 [RFC2104]). Although these are both symmetric solutions (as opposed to public-key solutions), it is important to note that they are both keyed mechanisms; in particular, they depend on a key that must be shared between the sender of the integrity-protected data and the "consumer" (for example, receiver) of the integrity-protected data. In some environments, the shared key can be derived from a PKI (see IPsec [RFC2401, RFC2411] for example).
The PKI service of integrity for this second technique, then, is that of putting in place the mechanisms to achieve this key sharing when necessary. If Alice wants to send to Bob some integrity-protected data and Bob has an encryption public key, Alice can employ the following sequence of steps:
- Generate a fresh symmetric key.
- Use the symmetric key to generate a MAC for the data.
- Encrypt the symmetric key for Bob using his encryption public key.
- Send the data to Bob along with the encrypted key.
Alternatively, if Bob has a key exchange public key (such as a Diffie-Hellman public key), Alice can instead use the following procedure:
- Use Bob's key-exchange public key in combination with her key-exchange private key to generate a symmetric key.
- MAC the data using that symmetric key.
- Send the data to Bob along with her public key certificate.
Bob can then regenerate the symmetric key using Alice's public key and his own private key to verify the integrity of the data.
If a digital signature is not used to provide data integrity, a good cryptographic MAC function is required.
Read the rest of this tip on InformIT. You have to register there, but it's free.
Did you like this tip? Like or hate it, why not let us know? E-mail to sound off, or visit our tips page to rate this and other tips, or submit one of your own.
Related BookPKI: A Wiley Tech Brief
By Tom Austin
This is a plain-language tutorial on the most important security technology for Internet applications.