Re: digital signatures
Re: digital signatures
- Subject: Re: digital signatures
- From: "Nathan C. Hampton" <email@hidden>
- Date: Sat, 27 Sep 2003 18:35:59 -0500
I think you should probably bone up on digital signatures first. I'm
in a class on e-commerce security right now, and I'm understanding
stuff much better after getting even a small dose of explanation of how
this stuff works.
The penny summary is that a digital signature typically works by
running a hash function on the message to create a digest, which is
then encrypted using the private key. When the message gets to the
recipient, the recipient runs the same hash function to create a
digest, then decrypts the digest from the sender and compares them; if
they match, the signature is verified. Because a tiny change in the
message creates a completely different hashed digest, you can
(generally) assume that the message hasn't changed since it was sent.
I don't know of anything that has been written already for using
digital signatures in a WebObjects application, but I'm sure you can
find either some Java code for the functions you need (maybe on
SourceForge?) or a way to script some interaction with another
application (though this could be a pain). I don't recommend trying to
write this stuff yourself; I've been told that it's fiendishly
complicated.
Good luck!
--NCH
On Sunday, September 21, 2003, at 10:42 PM, John Gilmore-Baldwin wrote:
I'm assessing writing an application where some form of digital
signature would be appropriate. I'm wondering if others have solved
this problems neatly.
One idea I had was to use some kind of public key encryption system,
where the person "signing" would encrypt a phrase with their private
key, allowing the system to decrypt with the public key to verify the
signature.
I'm certainly open to other ideas, as this isn't really an area I'm
familiar with.
Any ideas/suggestions?
John Gilmore-Baldwin
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.