ZyXEL Communications 2WG User Manual

ZyWALL 2WG Support Notes

All contents copyright (c) 2006 ZyXEL Communications Corporation.

When Bob clicks on the digital signature option on his e-mail application, special software applies a mathematical formula known as a hash function to the message, converting it to a fixed-length string of characters called a message digest. The digest acts as a "digital fingerprint" of the original message. If the original message is changed in any way, it will not produce the same message digest when the hash function is applied. Bob's software then encrypts the message digest with his private key, producing a digital signature of the message. He transmits the message and digital signature to Alice.

Alice uses Bob's public key to decrypt the digital signature, revealing the message digest. Since only Bob's public key can decrypt the digital signature, she is able to verify that Bob was the sender of the message. This verification process also tells Alice's software which hash function was used to create the message digest of Bob's original message. To verify the message content, Alice's software applies the hash function to the message she received from Bob. The message digests should be identical. If they are, Alice knows the message has not been changed and she is assured of its integrity. (If Bob had wanted to ensure the confidentiality of his message, he could have encrypted it with Alice's public key before applying the hash function to the message.)
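
The signing and verification steps described above, as an added Python example that is not part of the ZyXEL support notes. It uses textbook RSA with no padding and a constructed demo key built from two Mersenne primes, so it is for illustration only; the `sha256:` tag format, the function names and the hash allowlist are assumptions of this example.

```python
import hashlib
import hmac

# Constructed demo key (assumption): two Mersenne primes, unsuitable for real use.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                    # Bob's public key
D = pow(E, -1, (P - 1) * (Q - 1))      # Bob's private exponent

ALLOWED_HASHES = {"sha256", "sha512"}  # hash functions Alice is willing to accept


def sign(message: bytes, d: int, n: int, hash_name: str = "sha256") -> int:
    """Bob: hash the message, then apply his private key to the tagged digest."""
    digest = hashlib.new(hash_name, message).digest()
    tagged = hash_name.encode() + b":" + digest  # tag records the hash function used
    m = int.from_bytes(tagged, "big")
    if m >= n:
        raise ValueError("tagged digest does not fit under the modulus")
    return pow(m, d, n)


def verify(message: bytes, signature: int, e: int, n: int) -> bool:
    """Alice: recover the tagged digest with Bob's public key and compare."""
    if not 0 < signature < n:
        return False
    recovered = pow(signature, e, n)
    tagged = recovered.to_bytes((recovered.bit_length() + 7) // 8, "big")
    name_bytes, sep, digest = tagged.partition(b":")
    name = name_bytes.decode("ascii", "replace")
    if not sep or name not in ALLOWED_HASHES:
        return False  # wrong key, corrupted signature, or a hash Alice rejects
    expected = hashlib.new(name, message).digest()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    msg = b"Meet at noon. -- Bob"  # constructed sample message
    sig = sign(msg, D, N)
    print("untouched message:", verify(msg, sig, E, N))
    print("altered message:  ", verify(msg.replace(b"noon", b"nine"), sig, E, N))
```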

The best thing about all these encryption, decryption, verifying and authenticating processes is that special software does them all transparently, so that Bob and Alice receive the assurances they need without actually having to perform the computations themselves.