Digital Signature

From SEGGER Knowledge Base

A digital signature is the result of a mathematical computation. It is similar to a hash value (such as MD5), but there is one important difference: A digital signature relies on a private/public key scheme. Thus, one key (typically the private key) is used to generate the signature, and the other one is used to verify it. This differs from a hash, which is the result of a simple mathematical function, where the same function is used for both generation and verification.

This is a very important difference. With a digital signature verification scheme, both the algorithm and public key can be known and open, but this still does not allow a potential attacker to create a signature for a modified document.

Applications

There are various applications for digital signatures in embedded systems and other places. One simple example is the signing of a document.

Alice can make her public key known to the world, and anybody can now verify that a document claiming to be signed by Alice actually was. The only thing an individual has to ensure is that they have the proper public key (used for verification). SEGGER supplies a free tool based on emSecure for exactly this purpose: Sign&Verify.

Use in embedded systems

In embedded systems, digital signatures can be used for various purposes, such as:

  • Firmware updates: for authentication of an update's source.
  • Copy (clone) protection: a signature based on the unique ID of a chip in the system is stored in every device. If firmware is copied (cloned) and the signature does not match, the firmware will not function.
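
The clone-protection check described above, as an added example in Python (not SEGGER or emSecure code). It uses RSA with PKCS#1 v1.5 encoding and SHA-256. The key is a constructed, insecure demo key, and the function names, the "device-uid:" prefix and the chip IDs are assumptions made for illustration.

```python
import hashlib

# Constructed demo key, NOT secure: the primes are two well-known Mersenne
# primes, chosen only so the example needs no key generator or library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (factory only)
K = (N.bit_length() + 7) // 8            # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(message: bytes) -> int:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo || SHA-256(message)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign(message: bytes) -> int:
    """Private-key operation: done once, at the factory."""
    return pow(encode(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Public-key operation: done by the firmware, which holds only N and E.
    Re-encodes the expected block and compares, rather than parsing padding."""
    return 0 < signature < N and pow(signature, E, N) == encode(message)

def boot_check(chip_uid: bytes, stored_signature: int) -> bool:
    """Firmware start-up check: is the stored signature valid for THIS chip?"""
    return verify(b"device-uid:" + chip_uid, stored_signature)

# Constructed sample data: two chips with different unique IDs.
GENUINE_UID = bytes.fromhex("0011223344556677")
CLONE_UID = bytes.fromhex("8899aabbccddeeff")
PROVISIONED_SIG = sign(b"device-uid:" + GENUINE_UID)   # written at production

if __name__ == "__main__":
    print("genuine device boots:", boot_check(GENUINE_UID, PROVISIONED_SIG))
    print("cloned flash image boots:", boot_check(CLONE_UID, PROVISIONED_SIG))
    # An attacker who knows N, E and the algorithm can recompute a hash, but a
    # signature made without D fails verification.
    forged = int.from_bytes(hashlib.sha256(CLONE_UID).digest(), "big")
    print("forged signature accepted:", boot_check(CLONE_UID, forged))
```

Only N and E need to be present in the device; D stays at the production site, so reading out the firmware does not reveal anything that allows a signature to be created for a different chip ID.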

Algorithms used

  • RSA
  • Elliptic curves

Software libraries

One software library that allows generation of keys and signatures as well as verification of signatures in any system (including embedded systems) is SEGGER's emSecure.