Hi All
Did the digital signature creation process officially change?
In the older versions, and in my logical way of thinking, it says that the message digest is "encrypted" with my private key. In the new fifth edition, it says the message digest is "decrypted" to CREATE the signature.
Is this an error or an official change in procedures?
The Official (ISC)2 SSCP CBK Reference, Fifth Edition By: Mike Wills
The Official (ISC)2® Guide to the SSCP® CBK Fourth Edition 2016
"Digital signatures provide authentication of a sender and integrity of a sender’s message. A message is input into a hash function. Then the hash value is encrypted using the private key of the sender. The result of these two steps yields a digital signature. The receiver can verify the digital signature by decrypting the hash value using the signer’s public key, then perform the same hash computation over the message, and then compare the hash values for an exact match. If the hash values are the same, then the signature is valid."
Even in the CISSP CBK Reference, Fifth Edition (2019): "This hash value is then encrypted using the message author's private key to produce a digital signature. The digital signature is transmitted as an appendix to the message."
So what is going on??
I have tried to find an update in FIPS 186-4, but cannot see any place where it standardises these steps.
I have to admit that Crypto was not and is not my first love.
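A worked illustration of the procedure quoted above, added here as an example (it is not from this thread, from (ISC)2 material, or from FIPS 186): textbook RSA with constructed toy parameters, so that each step and the key it uses are visible in code. The primes, the message text and the truncation of the digest are assumptions made only to keep the arithmetic small; real signatures use 2048-bit or larger random keys and a padding scheme (PKCS#1 v1.5 or RSASSA-PSS) rather than a truncated hash. The example also shows where the encrypt/decrypt wording comes from: in RSA the private-key operation is a single modular exponentiation that serves both as "decrypt" and as "sign", which is why FIPS 186 avoids both words and speaks of signature generation and verification.

```python
import hashlib

# Constructed toy RSA key pair: two well-known Mersenne primes so the numbers
# are reproducible without a random generator. Real keys are 2048+ bits and
# generated randomly; only the key *roles* below carry over to practice.
P = (1 << 127) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)

PUBLIC_KEY = (N, E)      # what everyone, including the verifier, may hold
PRIVATE_KEY = (N, D)     # what only the signer holds


def message_digest(message: bytes) -> int:
    """Step 1: hash the message.

    Toy shortcut: the digest is truncated to 160 bits so it is below either
    toy modulus used in this example. Real schemes (PKCS#1 v1.5, RSASSA-PSS)
    pad the digest up to the modulus size instead; they never truncate it.
    """
    return int.from_bytes(hashlib.sha256(message).digest()[:20], "big")


def private_key_operation(x: int, private_key: tuple) -> int:
    """RSA private operation x^d mod n. In RSA this one function is both
    'decrypt' and 'sign', which is where the encrypt/decrypt wording
    gets confused."""
    n, d = private_key
    return pow(x, d, n)


def public_key_operation(x: int, public_key: tuple) -> int:
    """RSA public operation x^e mod n: both 'encrypt' and 'verify'."""
    n, e = public_key
    return pow(x, e, n)


def sign(message: bytes, private_key: tuple) -> int:
    """Step 2 (signature generation): apply the signer's PRIVATE key to the
    digest. This is the step the CBK passage calls 'encrypting the hash'."""
    return private_key_operation(message_digest(message), private_key)


def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    """Steps 3-4 (signature verification): recover the digest with the
    signer's PUBLIC key, recompute the hash over what was received, compare."""
    recovered = public_key_operation(signature, public_key)
    return recovered == message_digest(message)


def demo() -> dict:
    """Sign a constructed message, then show what verification catches."""
    original = b"Transfer 100 to account 42"      # constructed sample message
    tampered = b"Transfer 900 to account 42"
    signature = sign(original, PRIVATE_KEY)

    # A second, constructed key pair (other Mersenne primes): a signature
    # made with it must not verify against the first signer's public key.
    p2, q2 = (1 << 107) - 1, (1 << 61) - 1
    other_private = (p2 * q2, pow(E, -1, (p2 - 1) * (q2 - 1)))
    forged = sign(original, other_private)

    return {
        "genuine_verifies": verify(original, signature, PUBLIC_KEY),
        "tampered_message_rejected": not verify(tampered, signature, PUBLIC_KEY),
        "wrong_key_rejected": not verify(original, forged, PUBLIC_KEY),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Running the module prints three checks, all True: the genuine signature verifies, a changed message is rejected because the recomputed hash no longer matches the recovered one, and a signature made under a different private key is rejected because the public key in hand does not undo it. Note that `sign` and `verify` never pass the whole message through RSA, only its digest, which is exactly the point the corrected wording makes.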
Trapdoors are widely used in Crypto. The trapdoor function is easy to compute in one direction, but very difficult in the opposite direction without special information.
I don't have current copies of the Official Guides to the SSCP or CISSP, but I would hope that there was some additional information associated with that passage allowing the reader to fully understand trapdoors in Crypto. I believe that FIPS refers to these processes as generation and verification.
@AndreaMoore This one needs to go to the folks in Education; seems the two publications offer slightly different language.
My nickel on an early Saturday morning.
d
@James_Waithe wrote:
Hi All
Did the digital signature creation process officially change?
In the older versions, and in my logical way of thinking, it says that the message digest is "encrypted" with my private key. In the new fifth edition, it says the message digest is "decrypted" to CREATE the signature.
...
So what is going on??
It is quite obvious that the editors of the 5th edition messed up and swapped the words decrypt and encrypt. The 4th edition for SSCP and the CISSP reference have it right.
No need to ponder deeply; just mark your book to correct the two errors.
As for @amandavanceISC2 getting involved, yes, please. There should be an errata list available on the (ISC)2 site which includes this correction.
(While I am not a crypto expert at the math level, working deeply in PKI from 1998-2002 was core to my transformation from IT to infosec. )
Craig
Thank you @CraginS and I hope @amandavanceISC2 can point this discussion to the responsible parties.
My concern is that this "new" concept is in two different places. It's also proposed in this study guide:
(ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide, Second Edition
By: Mike Wills
Question 17 of the self assessment. I chose A, the book proposes C.
17. Which statement best describes how digital signatures work?
Answer:
C: The incorrect answers show misapplication of the steps of the process. Option A has reversed who encrypts and who decrypts. Option B confuses the use of the sender's public and private key, and if the recipient knows the sender's private key it must no longer be private. Option D won't work, because decrypting the unencrypted hash won't produce anything that is useful.
Thanks for tagging me. I have passed this along and will follow up with you all soon.
James, Craig, and everyone else,
Egg on face. This was in fact a mistake I made in the 2nd edition Study Guide, which got propagated over into the 5th Edition CBK. I thank you, James, for bringing this to the community (which did bring it to me), so that we can get this error fixed before it propagates further.
It clearly should say in step 2 that Carol encrypts only the hash of the message to produce the signature; then Bob in step 4 decrypts it.
Sorry for the confusion,
Mike