On Mon, 5 Feb 2007, Aviram Jenik wrote:
On Tuesday 06 February 2007 01:01, Peter wrote:
How is hash a digital signature?
[clipped a short explanation on Hash]
I know what hash is. My question was, how is it a digital signature? (hint:
it's not. I can easily generate a hash function with the parameters of your
mail client and my own data. Does that mean you signed it?).
A digital signature as 'redefined' by me in this thread is a piece of
data that is applied to a message and is of one of the following types:
a) opaque data that appears to be legit but is not b) data that is
related to a message b1) as b) but with exactly one key c) data that is
related to a message via two or more keys
What you people mean most of the time with 'legally binding' signatures
is the particular case of c) above where the two keys are related by
being a pair of public and private keys, usually using certificates.
This is not what I had in mind.
Also the 'data' described above may be sent with the message or not.
The goal is to have a message transfer that is actually two messages:
the message and the signature. F.ex. storing the signature alone in a
log, without storing the message, can allow the sender to verify later
that he indeed sent that message if asked by a legit person, but without
keeping a copy of the message. Thus an unauthorized forced access to the
log can net at most a signature that is not traceable to anyhing in
particular, even if the unauthorized accessor has the full copy of the
message. Or the signature can be sent separately from the message and
arrival of one without the other can have some meaning. Note that the
signature can identify the message and/or the sender (any combination of
these things). In fact the signature can be a subsequent or
precedent message.
This is a form of anonymous signature.
I have no idea what that sentence means.
It means that someone applied an algorythm to a piece of data with or
without additional secret keys and obtained a hash H. This does not
identify the person who did it.
Peter
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
