1
<?xml version="1.0" encoding="UTF-8"?>
3
<!-- ====================================================================== -->
4
<!-- = chapter-6.xml = -->
5
<!-- = standard security module guide - chapter 6 = -->
6
<!-- ====================================================================== -->
7
<!-- = This program is free software; you can redistribute it and/or = -->
8
<!-- = modify it provided that this copyright notice is kept intact. = -->
9
<!-- = This program is distributed in the hope that it will be useful but = -->
10
<!-- = without any warranty; without even the implied warranty of = -->
11
<!-- = merchantability or fitness for a particular purpose. In no event = -->
12
<!-- = shall the copyright holder be liable for any direct, indirect, = -->
13
<!-- = incidental or special damages arising in any way out of the use = -->
14
<!-- = of this software. = -->
15
<!-- ====================================================================== -->
16
<!-- = copyright (c) 1999-2011 - amaury darsch = -->
17
<!-- ====================================================================== -->
19
<chapter module="sec" number="6">
20
<title>Digital signature</title>
23
This chapter is dedicated to the digital signature functions and
24
objects, a subpart of the <em>standard security</em> module.
27
<!-- signature objects -->
29
<title>Signature objects</title>
32
A digital signature is a unique representation, supposedly non
33
forgeable, designed to authenticate a document, in whatever form
34
it is represented. For example, a signature is used to sign a
35
certificate which is used during the process of establish a
36
secured connection over the Internet. A signature can also be used
37
to sign a <em>courrier</em> or keys as it is in the Openssh
40
Digital signatures come into several flavors eventually associated
41
with the signed document. Sometimes, the signature acts as a
42
container and permits to retrieve the document itself. Whatever
43
the method, the principle remains the same. As of today
44
technology, there are two standards used to sign document as
49
<title>Digital signature standard</title>
50
<tr><th>Standard</th> <th>Name</th></tr>
51
<tr><td>DSS</td> <td>Digital Signature Standard</td> </tr>
52
<tr><td>RSA</td> <td>RSA based signature</td> </tr>
55
<!-- signer and signature objects -->
57
<title>Signer and signature objects</title>
60
The process of generating a signature is done with the help of
61
a <code>Signer</code> object. A signer object is a generic
62
object, similar in functionality to the hasher object. The
63
result produced by a signer object is a <code>Signature</code>
64
object which holds the generated signature.
68
<!-- signature key -->
70
<title>Signature key</title>
73
The process of generating a signature often requires the use of
74
a key. Such key can be generated with the help of
75
the <code>Key</code> object. The nature of the key will depend
76
on the target signature. The following table is a resume of the
81
<title>Digital signature key</title>
82
<tr><th>Standard</th> <th>Key</th> <th>Signer</th> </tr>
83
<tr><td>DSS</td> <td>KDSA</td> <td>Dsa</td> </tr>
87
In the case of DSS, a key can be generated automatically,
88
although this process is time consuming. The default key size is
93
const key (afnix:sec:Key afnix:sec:Key:KDSA)
94
assert 1024 (key:get-bits)
98
<!-- creating a signer -->
100
<title>Creating a signer</title>
103
A <code>Signer</code> object is created with a particular
104
signature object such like DSA. The <code>Dsa</code> object is a
105
signer object that implements the <em>Digital Signature
106
Algorithm</em> as specified by the <em>Digital Signature
107
Standard (DSS)</em> in <em>FIPS-PUB 186-3</em>.
111
# create a dsa signer
112
const dsa (afnix:sec:Dsa key)
113
assert true (afnix:sec:dsa-p dsa)
117
<!-- creating a signature -->
119
<title>Creating a signature</title>
122
A signature is created with the help of the <code>compute</code>
123
method. The <code>Signature</code> object is similar to
124
the <code>Hasher</code> and operates with string or streams.
128
# create a signature object
129
const sgn (dsa:compute "afnix")
130
assert true (afnix:sec:signature-p sgn)
134
Once the signature is created, each data can be accessed
135
directly with the associated component mapper. In the case of
136
DSS, there are two components as show below.
140
# get the DSS S component
141
sgn:get-relatif-component afnix:sec:Signature:DSA-S-COMPONENT)
142
# get the DSS R component
143
sgn:get-relatif-component afnix:sec:Signature:DSA-R-COMPONENT)