• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: digital signatures
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: digital signatures

  • Subject: Re: digital signatures
  • From: "Nathan C. Hampton" <email@hidden>
  • Date: Sat, 27 Sep 2003 18:35:59 -0500
I think you should probably bone up on digital signatures first. I'm in a class on e-commerce security right now, and I'm understanding stuff much better after getting even a small dose of explanation of how this stuff works.

The penny summary is that a digital signature typically works by running a hash function on the message to create a digest, which is then encrypted using the private key. When the message gets to the recipient, the recipient runs the same hash function to create a digest, then decrypts the digest from the sender and compares them; if they match, the signature is verified. Because a tiny change in the message creates a completely different hashed digest, you can (generally) assume that the message hasn't changed since it was sent.

I don't know of anything that has been written already for using digital signatures in a WebObjects application, but I'm sure you can find either some Java code for the functions you need (maybe on SourceForge?) or a way to script some interaction with another application (though this could be a pain). I don't recommend trying to write this stuff yourself; I've been told that it's fiendishly complicated.

Good luck!

--NCH

On Sunday, September 21, 2003, at 10:42  PM, John Gilmore-Baldwin wrote:

I'm assessing writing an application where some form of digital signature would be appropriate. I'm wondering if others have solved this problems neatly.

One idea I had was to use some kind of public key encryption system, where the person "signing" would encrypt a phrase with their private key, allowing the system to decrypt with the public key to verify the signature.

I'm certainly open to other ideas, as this isn't really an area I'm familiar with.

Any ideas/suggestions?

John Gilmore-Baldwin
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored. 
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.
  • Prev by Date: Re: Database Connection Errors - SOLVED
  • Next by Date: CSS calling background images in a web application
  • Previous by thread: QT Java
  • Next by thread: CSS calling background images in a web application
  • Index(es):
    • Date
    • Thread