An ongoing question/issue that the Software industry has faced is, "How can end user trust a piece of software?"
A packaged software bought from a sales outlet can be trusted for it's integrity but how about the software that you download on Internet and the bits and pieces gets transmitted on Internet. It's possible to alter the code while it's in transit and getting downloaded to user's machine. A hacker can very well inject a malicious code into this code while the code is in transit over wire.
Most of the current day browsers throw up a warning message for possible danger or threat to the systen in such cases but none actually gurantees that the code is what it claims it is.
Software industry has always been in need of an appraoch which can ensure that internet can be relied as a secured medium for software distribution. The most widely used solution for this problem is Digital Signature / Digital Certificate method.
Digital Signature:
when you want to distribute data and want to ensure the recipients that it does indeed come from you, you sing the data. Signing does not alter the data but simply bundle your signature along with the data. Signing of the data is does with the help of a private key of the software distributor.
Digital Certificate:
A certificate is a set of data that completely identifies an entity and is issues by a Certification Authority.The data set includes the entity's public cryptographic key.When the sender of a message signs the message with it's private key, the recipient of the message can use the sender's public key to verify Sender's indentity.
Note: The Digital Certificate (public key) can only be used to verify the signature and not produce the signaure. Only private key can be used to produce a Digital Signature.
In the next part of this blog, we would go into more details of Digital Signature/Digital Certificate.
No comments:
Post a Comment