Some doubts about signature procedure

David Smith Dave.Smith at st.com
Mon Sep 9 12:11:08 CEST 2013


On 09/09/13 09:42, Francesco C. wrote:
> Hi, here I come back to ask you for some clarification about the signature
> procedure.
> The purpose of the signature procedure is to make sure that nobody can
> modify the file you're trying to send.
> 
> Many times they also use the check of Md5sum or SHA512Sum, but anyway my
> question is:
> 
> if any spiteful person succeeds in tapping a file transmission of mine,
> he will surely succeed in signing the modified file. So how can my addressee
> realize that?
> 
> In other words, if this spiteful person succeeds in replacing a modified
> file on a server, he also succeeds in replacing the signature file,
> doesn't he?

The signature is more than just the hash of the message.

The signing process consists of two steps.  Firstly, the message being
signed is run through a hashing algorithm like MD5 or SHA.  The second
step is that the output of the hashing algorithm is encrypted using your
secret key.

Anyone wishing to check the signature can then decrypt the hash using
your public key, run the same hashing algorithm over the message, and
check that the hash of the message is the same as the unencrypted hash
from the signature.

You are correct that an attacker can generate a hash of the modified
message, but they cannot encrypt it with your secret key, unless they
also have a copy of that key.

I've simplified the process somewhat for ease of explaining it, but
that's the general gist of the way it works.  So, provided your secret
key is kept secret, and your addressees verify that the public keys they
have really do belong to you, you can be confident that the signature
mechanism is safe.

-- 
David Smith            Work Email: Dave.Smith at st.com
STMicroelectronics     Home Email: David.Smith at ds-electronics.co.uk
Bristol, England          GPG Key: 0xF13192F2
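
Added example (not part of the original message and not GnuPG's code): the simplified hash-then-secret-key model described in the reply, run against a replaced file, a replaced signature and a recipient holding the wrong public key. It assumes textbook RSA with no padding and constructed toy keys; all function and variable names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p: int, q: int):
    """Return (n, d): public modulus and secret exponent for primes p, q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(message: bytes) -> int:
    """Step 1 of signing: hash the message."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, n: int, d: int) -> int:
    """Step 2 of signing: transform the hash with the secret exponent d."""
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, n: int) -> bool:
    """Recover the hash with the public key (n, E), compare with a fresh hash."""
    return pow(signature, E, n) == digest(message)

# Constructed toy keys built from known Mersenne primes. Unpadded and
# unsuitable for real use; they only mirror the simplified model above.
SENDER_N, SENDER_D = make_key(2**521 - 1, 2**607 - 1)
ATTACKER_N, ATTACKER_D = make_key(2**1279 - 1, 2**2203 - 1)

def demo() -> dict:
    original = b"constructed sample: original file contents"
    modified = b"constructed sample: modified file contents"
    good_sig = sign(original, SENDER_N, SENDER_D)
    # Without SENDER_D, the only signature that can be produced for the
    # modified file is one made with some other key.
    other_sig = sign(modified, ATTACKER_N, ATTACKER_D)
    # A bare checksum stored next to the file can simply be recomputed.
    replaced_checksum = hashlib.sha256(modified).hexdigest()
    recomputed = hashlib.sha256(modified).hexdigest()
    return {
        "bare_checksum_matches_modified": recomputed == replaced_checksum,
        "original_with_sender_key": verify(original, good_sig, SENDER_N),
        "modified_with_old_signature": verify(modified, good_sig, SENDER_N),
        "modified_resigned_other_key": verify(modified, other_sig, SENDER_N),
        "recipient_holds_wrong_key": verify(modified, other_sig, ATTACKER_N),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```

The last case is the one the reply's closing caveat covers: verification only helps if the recipient checks against a public key they have confirmed belongs to the sender.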


