This digest is then encrypted using the
sender??™s private key, which in turn generates the digital signature. The message is then sent
to the recipient either with the public key attached or relying on the recipient having the
public key readily available. The recipient decrypts the signature using the sender??™s public
key. If the digital signature can be decrypted successfully using the sender??™s public key, it
ensures that the message came from the sender and was not tampered with in any way
during transit. This feature is especially important for today??™s software industry, for which
digitally signed software is required to certify its authenticity and curb software pirating.
IMPORTANT A digital signature??™s only purpose is to ensure that a message is authentic and
was in fact generated by the sender. It doesn??™t hide the data and therefore does not guarantee
confidentiality.
404 Microsoft Windows Server 2008 Administration
DIGITAL CERTIFICATES
Digital certificates are no more than public keys encapsulated in a format that contains
additional metadata regarding use and origin. Typically, the digital certificate contains
not only the public key but also the name of the certificate??™s owner and its CA. Although,
technically, anyone can generate a digital certificate, without the weight of its trusted CA
behind it, it??™s practically useless. For example, if you self-generate a certificate for use on
your SSL-enabled Web site, clients that do not have your CA registered in their trusted
root certificate store will either be prompted that the certificate is from an untrusted
source or perhaps denied the connection outright.
Pages:
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437