StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POexample signatures php
primarykey
Id
15149155
data
AcceptedAnswerId
15176208
AnswerCount
1
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2013-03-01T01:55:55.087
FavoriteCount
0
LastActivityDate
2013-03-04T01:10:21.633
LastEditDate
2013-03-04T01:10:21.633
LastEditorUserId
1193705
OwnerUserId
1193705
ParentId
0
PostTypeId
1
Score
0
ViewCount
764
LastEditorDisplayName
text
Body
I implemented an example (for better understanding for myself) of how digital signatures work (in my case with php). I used the story from Bob and Alice under "How is a digital signature used for authentication?" from <a href="http://www.verisign.com.au/repository/tutorial/digital/intro1.shtml" rel="nofollow">http://www.verisign.com.au/repository/tutorial/digital/intro1.shtml</a> "Suppose Alice wants to send a signed message to Bob. She creates a message digest by using a hash function on the message. The message digest serves as a "digital fingerprint" of the message; if any part of the message is modified, the hash function returns a different result. Alice then encrypts the message digest with her private key. This encrypted message digest is the digital signature for the message. Alice sends both the message and the digital signature to Bob. When Bob receives them, he decrypts the signature using Alice's public key, thus revealing the message digest. To verify the message, he then hashes the message with the same hash function Alice used and compares the result to the message digest he received from Alice. If they are exactly equal, Bob can be confident that the message did indeed come from Alice and has not changed since she signed it. If the message digests are not equal, the message either originated elsewhere or was altered after it was signed (or the private key is different)." Before I post the code I would like to mention that this is probably not the right way not using standard generated key. But I should give me (and maybe you) an understanding of how signatures work. <pre><code>echo "Example 2 "; $res = openssl_pkey_new(); /* Extract the private key from $res to $privKey */ openssl_pkey_export($res, $privKey); /* Extract the public key from $res to $pubKey */ $pubKey = openssl_pkey_get_details($res); $pubKey = $pubKey["key"]; $message = "Im a message"; echo " Public key: "; echo $pubKey; echo " Private key: "; echo $privKey; echo " Message: "; echo $message; echo " Message digest: "; echo $md5message = sha1($message); echo " Message digest encrypted(signature): "; openssl_private_encrypt($md5message, $crypted, $privKey); echo $crypted; echo " Bob uses sha1 as well for the message: "; echo $md5message = md5($message); echo " Bob checks with decrypt(verify): "; openssl_public_decrypt($crypted, $decrypted, $pubKey); echo $decrypted; </code></pre> I have 3 questions: 1) Is the workflow right on how signatures work? What should I change (as mentioned before I dont want to generate "proper".pem,.crt etc keys...would be next step for me). 2) In my understanding the private key was always to decrypt. The public key for encryption. I am aware wording here is sign for the private key, and verify with the public key. Obviously I can verify it in this example with only the public key. I cant get my head around that. How is this possible? Maybe you can give me a better example or links? 3) What should I change in my implementation? Thanks in advance.
Tags
<php><encryption><signature>
Title
example signatures php
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USwhereismydipp
UserOwnerUserId
1. USwhereismydipp
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. COCould you give me the hexadecimal encoding of the signature, the modulus and the public exponent? I'm rather interested to do some additional tests on `openssl_private_encrypt`.
 singulars
 PostPostId
 POexample signatures php
 UserUserId
 USMaarten Bodewes
2. CONot exactly sure what you mean because it is generated on the fly anyway...
 singulars
 PostPostId
 POexample signatures php
 UserUserId
 USwhereismydipp

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.