Askdeveloper Podcast

○ Digital Signatures § Goal: verify Authenticity of a message. § Based on Asymmetric Cryptography. § Basic operations 1. Public / Private keys generation (using some algorithm like RSA) 2. Signing algorithm using the private key 3. Signature verification algorithm using the corresponding public key i. Extending previous Example • Steps (Order is very important, bold stuff is the difference added to authenticate sender) ® Party 1 (Alice) 1. Generates a random AES Session Key (32 bytes / 256 bits) 2. Generates a random Initialization Vector (IV) (16 bytes / 128 bits) 3. Encrypt the message to be sent using the AES Session Key & IV 4. Calculate an HMAC of the encrypted message using the AES Session key 5. Encrypt the AES Session Key using the Public Key of Party 2 (Bob) The recipient. 6. Calculate Signature using the private signing key on the HMAC 7. Sends a packet of (Encrypted Message, Encrypted Session Key, Initialization Vector, HMAC