<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Digital signatures" />
<meta name="abstract" content="A digital signature on an electronic document or other object is created by using a form of cryptography and is equivalent to a personal signature on a written document." />
<meta name="description" content="A digital signature on an electronic document or other object is created by using a form of cryptography and is equivalent to a personal signature on a written document." />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4abunderstanddc.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu02mcertificateauthority.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahurzahu0cmcryptogco.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahukeypair.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="dig_sig" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Digital signatures</title>
</head>
<body id="dig_sig"><a name="dig_sig"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Digital signatures</h1>
<div><p>A digital signature on an electronic document or other object is
created by using a form of cryptography and is equivalent to a personal signature
on a written document.</p>
<p>A digital signature provides proof of the object's origin and a means by
which to verify the object's integrity. A digital certificate owner "signs"
an object by using the certificate's private key. The recipient
of the object uses the certificate's corresponding public key to decrypt the
signature, which verifies the integrity of the signed object and verifies
the sender as the source.</p>
<p>A Certificate Authority (CA) signs certificates that it issues. This signature
consists of a data string that is encrypted with the Certificate Authority's
private key. Any user can then verify the signature on the certificate by
using the Certificate Authority's public key to decrypt the signature.</p>
<p>A digital signature is an electronic signature that you or an application
creates on an object by using a digital certificate's private key. The digital
signature on an object provides a unique electronic binding of the identity
of the signer (the owner of the signing key) to the origin of the object.
When you access an object that contains a digital signature, you can verify
the signature on the object to verify the source of the object as valid (for
example, that an application you are downloading actually comes from an authorized
source such as IBM<sup>®</sup>).
This verification process also allows you to determine whether there have
been any unauthorized changes to the object since it was signed.</p>
<p><span class="uicontrol">An example of how a digital signature works</span></p>
<p>A software developer has created an <span class="keyword">i5/OS™</span> application
that he wants to distribute over the Internet as a convenient and cost-effective
measure for his customers. However, he knows that customers are justifiably
concerned about downloading programs over the Internet due to the increasing
problem of objects that masquerade as legitimate programs but really contain
harmful programs, such as viruses.</p>
<p>Consequently, he decides to digitally sign the application so that his
customers can verify that his company is the legitimate source of the application.
He uses the private key from a digital certificate that he has obtained from
a well-known public Certificate Authority to sign the application. He then
makes it available for his customers to download. As part of the download
package he includes a copy of the digital certificate that he used to sign
the object. When a customer downloads the application package, the customer
can use the certificate's public key to verify the signature on the application.
This process allows the customer to identify and verify the source of the application,
as well as ensure that the contents of the application object have not been
altered since it was signed.</p>
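<p>The developer scenario above, together with the CA signing its issued certificate as described earlier, shown as an added example that is not part of the original IBM documentation. It assumes the <code>openssl</code> command-line tool; the locally created "Example CA", the subject names and all file names are constructed stand-ins.</p>

```shell
#!/bin/sh
# Added example. Names, subjects and file contents are constructed.

# Stand-in for a public CA: a key pair and a self-signed CA certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Developer: obtain a CA-signed certificate, then sign the application.
make_signed_package() {
    d=$1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Developer" \
        -keyout "$d/dev.key" -out "$d/dev.csr" 2>/dev/null || return 1
    # The CA signs the developer's certificate with the CA private key.
    openssl x509 -req -in "$d/dev.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/dev.crt" 2>/dev/null || return 1
    printf 'constructed application contents\n' > "$d/app.bin"
    # Hash app.bin with SHA-256 and sign the digest with the private key.
    openssl dgst -sha256 -sign "$d/dev.key" -out "$d/app.sig" "$d/app.bin"
}

# Customer: has app.bin, app.sig, dev.crt and the trusted CA certificate.
# Returns 0 if valid, 1 if the signature fails, 2 if the certificate fails.
verify_package() {
    d=$1
    # 1. Check the CA's signature on the shipped certificate.
    openssl verify -CAfile "$d/ca.crt" "$d/dev.crt" >/dev/null 2>&1 || return 2
    # 2. Take the public key from that certificate.
    openssl x509 -in "$d/dev.crt" -pubkey -noout > "$d/dev.pub" || return 2
    # 3. Recompute the digest of app.bin and check it against the signature.
    openssl dgst -sha256 -verify "$d/dev.pub" -signature "$d/app.sig" \
        "$d/app.bin" >/dev/null 2>&1 || return 1
}

demo() {
    work=$(mktemp -d) || return 1
    make_ca "$work" && make_signed_package "$work" || return 1
    verify_package "$work" && echo "original: certificate and signature valid"
    printf 'x' >> "$work/app.bin"   # any change after signing
    verify_package "$work" || echo "modified: verification failed ($?)"
    rm -rf "$work"
}
demo
```

<p>The signature check alone only shows that the object matches the certificate shipped with it; step 1 is what ties that certificate to a CA the customer already trusts.</p>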
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu4abunderstanddc.htm" title="View this information to better understand what digital certificates are and how they work. Learn about the different types of certificates and how you can use them as part of your security policy.">DCM concepts</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahurzahu02mcertificateauthority.htm" title="A Certificate Authority (CA) is a trusted central administrative entity that can issue digital certificates to users and servers.">Certificate Authority (CA)</a></div>
<div><a href="rzahurzahu0cmcryptogco.htm" title="Use this information to learn what cryptography is and how digital certificates use cryptographic functions to provide security.">Cryptography</a></div>
<div><a href="rzahukeypair.htm" title="Every digital certificate has a pair of associated cryptographic keys that consist of a private key and a public key.">Public-private key pair</a></div>
</div>
</div>
</body>
</html>