Page 248 - DCAP311_DCAP607_WIRELESS_NETWORKS
P. 248
Wireless Networks
Notes the sender's e-mail system has been configured, the digital signature is appended either to the
bottom of the message, creating a "clear signed" message, or the result is combined with the
original message into a binary attachment, creating an "opaque signed" message.
Because the digital signature is added to the original message as an attachment, clear signed
messages can be read by e-mail clients that do not support S/MIME. The signature is discarded
and the original message is displayed by non-S/MIME clients. However, there is no way the
message can be verified; it is essentially the same as an unsigned message. The disadvantage of
clear signed messages is that there is an increased chance for intervening mail gateways to alter
the message, and thus invalidate the signature.
Conversely, because the message and the digital signature are treated as a single binary attachment
in opaque signed messages, they are much less likely to be altered in transit. However, only
an S/MIME client can read the attachment. If a non-S/MIME client receives an opaque signed
message, the message is unreadable.
Opaque-signed messages were, in part, created to solve the problem of e-mail systems that
altered message bodies while e-mail was in transit. It should be noted here that current e-mail
solutions that comply with S/MIME standards do not alter the message body. However, there
are many clients that cannot read opaque-signed e-mail messages. Therefore, sending clear-
signed messages is recommended.
When the message is received, the digital signature can be retrieved and the sender's public
key applied in a decryption operation, which yields the original hash value of the message. A
comparison of this hash value with the hash value of the received message can then be performed.
Because only one private key can correspond to a public key, and only the owner of the public
key could use it to encrypt the hash value successfully, decrypting the hash with the public
key shows that the private key owner encrypted the hash value. Because the hash value is a
numerical representation of the message text, if the encrypted hash value matches the hash value
of the message received, it indicates that the message text that was sent matches the text that
was received. When coupled with the fact that only the private key owner could have sent the
message, the result is that the recipient is assured that only the key owner sent the message, which
provides authentication and, consequently, nonrepudiation. It also shows that the message has
not been changed, which provides data integrity. If the hash values did not match, the recipient
would know that the message had either been altered in transit or that the public key used does
not match the private key used. In both cases, the recipient knows that the message is not valid
and should not be trusted.
Thus, the way that public key cryptography provides the security services that make up digital
signatures can be seen.
The following figure 14.12 shows the sequence of signing with the addition of the supporting
elements of public key cryptography.
Figure 14.12: Sequence of signing Public Key Cryptography
Source: http://technet.microsoft.com/en-us/library/aa998077(v=exchg.65).aspx
z z Message is captured.
z z Hash value of the message is calculated.
z z Sender's private key is retrieved.
242 LOVELY PROFESSIONAL UNIVERSITY
