Wednesday, September 6, 2017

21 - Linux Security: digital signature with GPG2


- Layout for this exercise:

* Note: this exercise is based on the previous one, where a pair of asymmetric keys were generated with GPS2 and RSA algorithm:

1 - Introduction

- A digital signature is a mathematical scheme for demonstrating the authenticity of digital messages or documents.

- A valid digital signature gives a recipient reason to believe that the message was created by a known sender (authentication), that the sender cannot deny having sent the message (non-repudiation), and that the message was not altered in transit (integrity).

- Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution, financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering.

2 - Signing a file with the private key

- First of all, let's check that both parties (CentOS and Debian) are part of the same GPG2 public-key-cryptographic system:

- Let's create a text file at the CentOS device:

- Now CentOS' root user is going to signed this text file with its own private key, outputting a file with a .ds extension:

- The passphrase generated at the previous exercise is required:

- The .ds file is unreadable because it is encrypted:

- Connecting to the remote device Debian:

- Transferring the digitally signed document:

- marie user at Debian receives the document:

- Now marie at Debian decrypts the document using CentOS' root's public key, outputting a decrypted file:

- The content of the decrypted file matches the original document written by the root at CentOS, so the whole process has been successful:

- The fact that the document is signed or encrypted with CentOS' root's private key and decrypted with CentOS' root's public key ensures the authenticity of the author of the document. 

- In other words the digital signature provides the non-repudiation property that the sender is really the one who claims to be the sender of the document.