2 weeks ago

Did the digital signature process change? Conflicting information on SSCP CBK editions.

Hi All

Did the digital signature creation process officially change?

In the older versions, and in my logical way of thinking, it says that __the message digest is "encrypted"__ with my private key. In the new fifth edition, it says __the message digest is "decrypted" to CREATE the signature__.

**Is this an error or an official change in procedures?**

**The Official (ISC)2 SSCP CBK Reference, Fifth Edition By: Mike Wills**

- Carol produces a strong hash of the message content. This is known as the *secure message digest*. **Carol “decrypts” that hash value, using the trapdoor function and her private key. This new value is her digital signature.**
- Carol sends the message and her digital signature to Bob.
- Bob “encrypts” Carol’s digital signature, using the same trapdoor algorithm and Carol’s public signature, to produce the signed hash value.
- Bob uses the same hash function to produce a comparison hash of the message he received (not including the signature). If this matches the value he computed in step 4, he has proven that Carol (who is the only one who knows her private key) is the only one who could have sent that message.

**The Official (ISC)2® Guide to the SSCP® CBK Fourth Edition 2016**

Digital signatures provide authentication of a sender and integrity of a sender’s message. A message is input into a hash function. *Then the hash value is* __encrypted using the private key of the sender__. The result of these two steps yields a digital signature. The receiver can verify the digital signature by decrypting the hash value using the signer’s public key, then perform the same hash computation over the message, and then compare the hash values for an exact match. If the hash values are the same, then the signature is valid.

Even in the CISSP CBK Reference, Fifth Edition, 2019: "*This hash value is then encrypted using the message author's private key to produce a digital signature. The digital signature is transmitted as an appendix to the message.*"

*So what is going on??*

I have tried to find an update in FIPS 186-4, but cannot see any place where it standardises these steps.
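The generation and verification steps the quoted passages describe, as an added example that is not from any poster or from the (ISC)² books: a textbook RSA walk-through with a constructed toy key (p=61, q=53, no padding) and a SHA-256 digest, showing that the private-key step used to sign is the same modular exponentiation as textbook RSA decryption and the public-key step used to verify is the same as encryption, which is where both wordings come from.

```python
import hashlib

# Constructed toy RSA key (the classic textbook example p=61, q=53).
# Textbook RSA with no padding and a 12-bit modulus: far too small for
# real use, kept tiny so the arithmetic can be checked by hand. Real
# signature schemes add padding (PKCS#1 v1.5 or PSS) before this step.
P, Q = 61, 53
N = P * Q                              # 3233
E = 17                                 # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # 2753, private exponent

def digest(message: bytes) -> int:
    """Step 1: hash the message. Reduced mod N only because this toy
    modulus is much smaller than a SHA-256 output."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def private_op(x: int) -> int:
    """x^d mod n: the private-key trapdoor operation. In textbook RSA it
    is the same exponentiation used for decryption, which is where the
    'decrypt the digest' wording comes from."""
    return pow(x, D, N)

def public_op(x: int) -> int:
    """x^e mod n: the public-key operation, identical to textbook RSA
    encryption. Anyone holding the public key can run it."""
    return pow(x, E, N)

def sign(message: bytes) -> int:
    """Signature generation: hash, then apply the private key to the hash."""
    return private_op(digest(message))

def verify(message: bytes, signature: int) -> bool:
    """Signature verification: apply the public key to the signature and
    compare with a freshly computed hash of the received message."""
    return public_op(signature) == digest(message)

def demo() -> dict:
    msg = b"Carol to Bob: pay invoice 4711"      # constructed sample message
    sig = sign(msg)
    return {
        "valid": verify(msg, sig),                        # True
        "tampered_message": verify(msg + b"0", sig),      # False (except a 1-in-N digest collision)
        "altered_signature": verify(msg, (sig + 1) % N),  # False, always: x^e mod n is a bijection
        # the two trapdoor operations undo each other in either order
        "order_irrelevant": private_op(public_op(42)) == public_op(private_op(42)) == 42,
    }
```

Bob never needs Carol's private exponent D; everything on his side uses only E and N, which is why a verification step that required the sender's private key could not work.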

6 Replies

2 weeks ago

Re: Did the digital signature process change? Conflicting information on SSCP CBK editions.

Curious to see the response to this. I suspect it is a mistake but anything low altitude on cryptography is out of my area of expertise. LOL

2 weeks ago

Re: Did the digital signature process change? Conflicting information on SSCP CBK editions.

I have to admit that Crypto was not and is not my first love.

Trapdoors are widely used in Crypto. The trapdoor function is easy to compute in one direction, but very difficult in the opposite direction without special information.

I don't have current copies of the Official Guides to the SSCP or CISSP, but I would hope that there was some additional information associated with that passage allowing the reader to fully understand Trapdoors in Crypto. I believe that FIPS refers to these processes as generation and verification.

@AndreaMoore This one needs to go to the folks in Education; it seems the two publications offer slightly different language.

My nickel on an early Saturday morning.

d

2 weeks ago

Re: Did the digital signature process change? Conflicting information on SSCP CBK editions.

@James_Waithe wrote:

> Hi All
>
> Did the digital signature creation process officially change?
>
> In the older versions, and in my logical way of thinking, it says that the message digest is "encrypted" with my private key. In the new fifth edition, it says the message digest is "decrypted" to CREATE the signature.
>
> ...
>
> So what is going on??

It is quite obvious that the editors of the 5th edition messed up and swapped the words *decrypt* and *encrypt*. The 4th edition for SSCP and the CISSP reference have it right.

No need to ponder deeply; just mark your book to correct the two errors.

As for @amandavanceISC2 getting involved, yes Please. There should be an errata list available on the (ISC)2 site which includes this correction.

(While I am not a crypto expert at the math level, working deeply in PKI from 1998-2002 was core to my transformation from IT to infosec.)

Craig

2 weeks ago

Re: Did the digital signature process change? Conflicting information on SSCP CBK editions.

Thank you @CraginS and I hope @amandavanceISC2 can point this discussion to the responsible parties.

My concern is that this "new" concept is in two different places; it's also proposed in this study guide:

(ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide, Second Edition

By: Mike Wills

Question 17 of the self assessment. I chose A, the book proposes C.

17. Which statement best describes how digital signatures work?

A. The sender hashes the message or file to produce a message digest and applies the chosen encryption algorithm and their private key to it. This is the signature. The recipient uses the sender's public key and applies the corresponding decryption algorithm to the signature, which will produce a matching message digest only if the message or file is authentically from the sender.

B. The sender hashes the message or file to produce a message digest and applies the chosen decryption algorithm and their public key to it. This is the signature. The recipient uses the sender's private key and applies the corresponding encryption algorithm to the signature, which will produce a matching message digest only if the message or file is authentically from the sender.

C. The sender hashes the message or file to produce a message digest and applies the chosen decryption algorithm and their private key to it. This is the signature. The recipient uses the sender's public key and applies the corresponding encryption algorithm to the signature, which will produce a matching message digest only if the message or file is authentically from the sender.

D. The sender encrypts the message or file with their private key and hashes the encrypted file to produce the signed message digest. This is the signature. The recipient uses the sender's public key and applies the corresponding decryption algorithm to the signature, which will produce a matching message digest only if the message or file is authentically from the sender.

**Answer:**

C: The incorrect answers show misapplication of the steps of the process. Option A has reversed who encrypts and who decrypts. Option B confuses the use of the sender's public and private key, and if the recipient knows the sender's private key it must no longer be private. Option D won't work, because decrypting the unencrypted hash won't produce anything that is useful.

2 weeks ago

Re: Did the digital signature process change? Conflicting information on SSCP CBK editions.

Thanks for tagging me. I have passed this along and will follow up with you all soon.

(ISC)² Community Manager

2 weeks ago

Re: Did the digital signature process change? Conflicting information on SSCP CBK editions.

Thank you