Hi. I don't know if this question can be considered within the scope of this course (it can be considered as related to the Web-tier Security topic), but I can't find any satisfying answer on the Web. I know well how a digital signature works:
Signer:
1) The message is first processed by a hash function to create a hash.
2) The hash is encrypted using the private key.
3) The message and the encrypted hash are sent.

Verifier:
1) The message is processed through the same hash function used by the signer.
2) The hash is decrypted with the signer's public key.
3) The recently hashed message and the decrypted hash are compared to verify the signature.

The question that I can't get out of my head is: why is it necessary to hash the message? Why can't it be enough to only encrypt the message?

Thanks
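An added example, not part of the original post: the signer and verifier steps listed above, run with the JDK's `java.security.Signature` using `SHA256withRSA`, followed by an attempt to apply the private key to the whole message instead of its hash. The class name, the 2048-bit RSA key, SHA-256 and the 100 KB sample message are assumptions chosen for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;

// Hypothetical demo class, not code from the original post.
public class HashThenSignDemo {

    // Signer steps 1-2: "SHA256withRSA" hashes the message, then applies the private key to the hash.
    static byte[] sign(KeyPair kp, byte[] message) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(message);
        return s.sign();
    }

    // Verifier steps 1-3: hash the received message and compare it with the hash recovered from the signature.
    static boolean verify(KeyPair kp, byte[] message, byte[] signature) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(kp.getPublic());
        s.update(message);
        return s.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);                       // assumed key size
        KeyPair kp = gen.generateKeyPair();

        byte[] message = new byte[100_000];         // constructed sample message, 100 KB
        Arrays.fill(message, (byte) 'A');

        byte[] sig = sign(kp, message);
        System.out.println("signature length in bytes: " + sig.length);
        System.out.println("untouched message verifies: " + verify(kp, message, sig));

        message[0] ^= 1;                            // simulate a single bit changed in transit
        System.out.println("modified message verifies: " + verify(kp, message, sig));

        // The alternative asked about: apply the private key to the message itself, no hash.
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, kp.getPrivate());
        try {
            rsa.doFinal(message);
        } catch (IllegalBlockSizeException e) {
            System.out.println("RSA on the whole message failed: " + e.getMessage());
        }
    }
}
```

With the JDK's default provider the last call throws, because a single RSA operation can only process input shorter than the key's modulus, while the hash has a fixed short length whatever the size of the message.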