gnupg-doc 2003.04.06+dak1-1ubuntu1 / usr / share / doc / gnupg-doc / GNU_Privacy_Handbook / html / x216.htm

This file is indexed.

/usr/share/doc/gnupg-doc/GNU_Privacy_Handbook/html/x216.htm is in gnupg-doc 2003.04.06+dak1-1ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Digital signatures</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="The GNU Privacy Handbook"
HREF="book1.htm"><LINK
REL="UP"
TITLE="Concepts"
HREF="c174.htm"><LINK
REL="PREVIOUS"
TITLE="Hybrid ciphers"
HREF="x210.htm"><LINK
REL="NEXT"
TITLE="Key Management"
HREF="c236.htm"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The GNU Privacy Handbook</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x210.htm"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 2. Concepts</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="c236.htm"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN216"
>Digital signatures</A
></H1
><P
>A hash function is a many-to-one function that maps its input to a
value in a finite set.
Typically this set is a range of natural numbers.
A simple hash function is <I
CLASS="EMPHASIS"
>f</I
>(<I
CLASS="EMPHASIS"
>x</I
>) = 0 
for all integers <I
CLASS="EMPHASIS"
>x</I
>.
A more interesting hash function is 
<I
CLASS="EMPHASIS"
>f</I
>(<I
CLASS="EMPHASIS"
>x</I
>) = <I
CLASS="EMPHASIS"
>x</I
> 
<I
CLASS="EMPHASIS"
>mod</I
> 37, which
maps <I
CLASS="EMPHASIS"
>x</I
> to the remainder of dividing <I
CLASS="EMPHASIS"
>x</I
> by 37.</P
><P
>A document's digital signature is the result of applying a hash
function to the document.
To be useful, however, the hash function needs to satisfy two
important properties.
First, it should be hard to find two documents that hash to the
same value.
Second, given a hash value it should be hard to recover the document
that produced that value.</P
><P
>Some public-key ciphers<A
NAME="AEN230"
HREF="#FTN.AEN230"
><SPAN
CLASS="footnote"
>[1]</SPAN
></A
> could be used to sign documents.
The signer encrypts the document with his <I
CLASS="EMPHASIS"
>private</I
> key.
Anybody wishing to check the signature and see the document simply
uses the signer's public key to decrypt the document.
This algorithm does satisfy the two properties needed from a good hash
function, but in practice, this algorithm is too slow to be useful.</P
><P
>An alternative is to use hash functions designed to satisfy these
two important properties.
SHA and MD5 are examples of such algorithms.
Using such an algorithm, a document is signed by hashing it, and
the hash value is the signature.
Another person can check the signature by also hashing their copy of the
document and comparing the hash value they get with the hash value of
the original document.
If they match, it is almost certain that the documents are identical.</P
><P
>Of course, the problem now is using a hash function for digital
signatures without permitting an attacker to interfere with signature
checking.
If the document and signature are sent unencrypted, an attacker could
modify the document and generate a corresponding signature without the
recipient's knowledge.
If only the document is encrypted, an attacker could tamper with the
signature and cause a signature check to fail.
A third option is to use a hybrid public-key encryption to encrypt both
the signature and document.
The signer uses his private key, and anybody can use his public key
to check the signature and document.
This sounds good but is actually nonsense.
If this algorithm truly secured the document it would also
secure it from tampering and there would be no need for the signature.
The more serious problem, however, is that this does not protect either
the signature or document from tampering.
With this algorithm, only the session key for the symmetric cipher
is encrypted using the signer's private key.
Anybody can use the public key to recover the session key.
Therefore, it is straightforward for an attacker to recover the session
key and use it to encrypt substitute documents and signatures to send
to others in the sender's name.</P
><P
>An algorithm that does work is to use a public key algorithm to
encrypt only the signature.
In particular, the hash value is encrypted using the signer's private
key, and anybody can check the signature using the public key.
The signed document can be sent using any other encryption algorithm
including none if it is a public document.
If the document is modified the signature check will fail, but this
is precisely what the signature check is supposed to catch.
The Digital Signature Standard (DSA) is a public key signature 
algorithm that works as just described.
DSA is the primary signing algorithm used in GnuPG.</P
></DIV
><H3
CLASS="FOOTNOTES"
>Notes</H3
><TABLE
BORDER="0"
CLASS="FOOTNOTES"
WIDTH="100%"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="5%"
><A
NAME="FTN.AEN230"
HREF="x216.htm#AEN230"
><SPAN
CLASS="footnote"
>[1]</SPAN
></A
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="95%"
><P
>The cipher must have the property that the actual public key or private
key could be used by the encryption algorithm as the public key.
RSA is an example of such an algorithm while ElGamal is not an example.</P
></TD
></TR
></TABLE
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="x210.htm"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="book1.htm"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="c236.htm"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Hybrid ciphers</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="c174.htm"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Key Management</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

APT Browse - Built by Thomas Orozco.