Manualshelf

User Manual

ManualsBrandsSeagate Technology ManualsSeagate Technology Hard Drives & StorageSeagate 2TB EXOS 7E2000 ENT CAP 2.5 HDD - ST2000NX0273
21222324252627282930
Enterprise Self-Encrypting Drive User’s Guide, Rev. B 26
7.0 Asymmetric keys and digital signatures
We saw back in Section 1.2 how to create a digest by hashing the clear text message. If this digest is then appended to
the message itself it can provide a convenient data integrity check after transmission. This process is reviewed in Fig-
ure 17.
Figure 17. Using the hash digest to check message integrity
We can take this process one stage further, and use the digest to create a digital signature for the sender, but first we
have to introduce the concept of asymmetrical encryption keys.
In our discussions on data encryption we have used the same key, a symmetrical key, to both encrypt and decrypt the
plain text data, and we used the analogy that the same key is used to both lock and unlock the door to our house.
Now let’s extend this analogy to a safety deposit box in a bank vault. To open the box, two different (asymmetrical)
keys are required, one is held by the customer and one by the bank. This provides an added level of security by ensur-
ing that boxes can only be opened in the presence of a bank employee who has verified the identity of the customer.
This concept would be very useful to protect messages from snoopers if the sender could encrypt the message with
one key and relax in the knowledge that only the recipient, who has the second key of the matched pair, can decrypt
it. In fact, this is how a secure messaging system works.
Let’s consider Marge and Alan who want to send private messages to each other on their network. They each have a
pair of keys identified as a private key and a public key. They keep their private keys to themselves and send their pub-
lic keys to each other. Using these keys they can
a. Sign their messages to prove authenticity, and
b. Encrypt the message to ensure privacy.
Let’s take a look at how Marge will sign her message to Alan.
In Figure 18, Marge has run her message through the hashing algorithm and obtained the digest. She now encrypts
the digest with her private key and this becomes her digital signature which she appends to the original message and
sends to Alan. Alan strips the signature from the message and decrypts it with Marge’s public key to recover the mes-
sage digest. He also hashes the message to create a second digest. A comparison of the two digests will prove the
integrity of the message and if the message came from Marge.
This process verifies the sender of the message but it does nothing to protect the message from snoopers since it was
sent as clear text.