Common Data Security Architecture (CDSA) White Paper
24 Chapter1
Common Data Security Architecture (CDSA) White Paper
Cryptography Service Provider (CSP) API
unique set of bits corresponding to the data. Typically generated hashes are very small (e.g.
20 bytes).
[2] A encrypts the hash using A’s private key to create A’s “digital signature.”
[3] A passes the digital signature, encrypted symmetric key, and bulk-encrypted data to B.
[4] B uses B’s private key to decrypt the encrypted symmetric key.
[5] B uses the symmetric key to decrypt A’s bulk-encrypted data.
[6] With knowledge of what hash function A used to generate A’s digital signature, B
calculates the hash over A’s data.
[7] B uses A’s public key to decrypt A’s hash of A’s data.
[8] B compares A’s hash of A’s data to B’s hash of A’s data.
Since only A’s public key can decrypt data that A encrypted using A’s private key, B knows
that the data came from A, and further, that it has not been tampered with, since A’s hash of
A’s data and B’s hash of A’s data are identical.
All basic cryptographic operations discussed above (symmetric key encryption, dual
assymetric key cryptography, hashing, and digital signatures) can be found in the HP CDSA
library’s capabilities. The APIs for using CDSA are discussed in the sections that follow.