The basis for digital signatures is a keyed hash, or a checksum that
has been encrypted for verification. The most common keyed hash, and
the one used by PGP, is called Message Digest 5 (MD5), created by
Ronald Rivest of RSA fame. MD5 takes a message of arbitrary length and
distills it into a 128-bit checksum. The algorithm is highly sensitive
to minute changes in the input, so changing a single bit is enough to
generate a completely different checksum. The possibility of MD5
collisions exists, that is, two messages that produce the same 128-bit
hash value. However, the probability of encountering two messages with
the same MD5 hash value is exceptionally low -- there are 2^128 hash
values produced, or about 3 x 10^38. The number of MD5 output values
is far larger than the number of documents, messages, and e-mails sent
in any person's lifetime. There are some good MD5 tools on the Purdue
COAST archive (ftp://coast.cs.purdue.edu/pub/tools/unix/md5). MD5 is
also one of the functions used in the Tripwire package
(ftp://coast.cs.purdue.edu/pub/COAST/Tripwire/),
a security tool that creates a hash of selected files and directories
on a regular basis to detect intrusion or unwanted modification.

Simply having the MD5 hash value isn't sufficient, because a forger
could have modified the message and included the updated MD5 value.
The sender needs to authenticate the message digest such that
the recipient will know that only the sender could have created it,
and that no other user could have modified the value along the way.

Turning an MD5 hash value into a digital signature requires using the
RSA public key cryptosystem yet again. The public and private key
pairs unlock each other, that is, anything encrypted with your public
key can only be decrypted with your private key. Conversely, something
encrypted with your private key can be decrypted by anyone with your
public key. But -- only you could have done the encryption,
since your private key is secret and known only to you. Voila! A
digital signature that only you can produce, and anyone holding your
public key can verify.

PGP's digital signatures work by generating an MD5 digest and
encrypting it with your private key. Anyone receiving the file
decrypts the signature with your public key, and regenerates the
digest to verify the message arrived intact. To sign an encrypted
message, add the -s option to the PGP command line:

    huey% pgp -seatf pepe | mail email@example.com

If you don't specify a secret key, the one added most recently to your
private key ring is used. Since you're accessing a private key, you
need to type in the pass phrase to unlock it. Encryption and ASCII
armoring take place as before, with the PGP signature added to the end
of the file.
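
The hash-then-sign scheme described above, as an added example that is not
from the original article or from PGP itself: it shows a forger defeating a
bare MD5 check by recomputing the digest, and failing against the signed
digest. The toy key (built from two Mersenne primes), the unpadded RSA
arithmetic, the sample messages and all function names are assumptions made
for illustration; PGP's real signature format differs.

```python
import hashlib

# Toy RSA key built from two known Mersenne primes (constructed for this
# example; far too small and too structured for real use).
P, Q = 2**89 - 1, 2**107 - 1
N = P * Q                          # public modulus, larger than a 128-bit digest
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def md5_int(message: bytes) -> int:
    """MD5 digest of the message as a 128-bit integer.

    MD5 mirrors the text; deliberate MD5 collisions are practical today,
    so current signature schemes hash with SHA-2 instead.
    """
    return int.from_bytes(hashlib.md5(message).digest(), "big")


def sign(message: bytes) -> int:
    """'Encrypt' the digest with the private key: sig = digest^D mod N."""
    return pow(md5_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """'Decrypt' the signature with the public key, compare to a fresh digest."""
    return pow(signature, E, N) == md5_int(message)


def bare_hash_check(message: bytes, attached_digest: int) -> bool:
    """The unauthenticated check: the digest simply travels with the message."""
    return md5_int(message) == attached_digest


def demo() -> dict:
    original = b"Pay pepe 10 dollars"    # constructed sample message
    forged = b"Pay pepe 9000 dollars"    # modified copy of the message
    sig = sign(original)
    return {
        "genuine_verifies": verify(original, sig),
        # The forger recomputes the MD5, so the bare check accepts the forgery.
        "forged_passes_bare_hash": bare_hash_check(forged, md5_int(forged)),
        # Without D the forger cannot produce a matching signature.
        "forged_verifies": verify(forged, sig),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```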