Example Illustrating the RSA Signature Generation

This section provides an example which illustrates the use of the RSA method applied to generate signatures. To make it easier to follow the steps that need to be performed with CrypTool, the example is illustrated with a number of screenshots.

The application of the RSA method to signatures is illustrated with a binary document.

First of all it is necessary (as for encryption and decryption using the RSA encryption algorithm) to generate an asymmetric key pair. Select the item Key Generation/Import in the menu Digital Signatures/PKI \ PKI, and the following dialog opens.

szenariorsa_sig1.gif

The name we enter is Joe Smith, the optional key identifier is Joes key and the PIN (twice) is CrypTool. The length of the modulus is 512 bits. Press the RETURN key or else click on the Generate new key pair button, and generation of the key pair will be started.

In the next window the public RSA parameters (public key) appear: the modulus, which is the product of two prime numbers, and the public exponent.

szenariorsa-sigparam.gif

Click on Apply key, and the name under which the key pair has been saved in the database and the time which elapsed during creation of the key pair are displayed.

szenariorsa_sig2.gif

When this dialog is closed, the Generation of asymmetric key pair dialog must also be closed by clicking on Cancel.

Before we sign a document we want to display the certificate for the key pair that has been generated. We therefore select Digital Signatures/PKI \ PKI \ Key Display/Export, following which the Available asymmetric key pairs dialog box appears, with the key pair previously generated highlighted.

szenariorsa_sig3.gif

The certificate is displayed by clicking on the Show certificate pushbutton.

szenariorsa_sig4.gif

We then close this dialog box and the dialog Available asymmetric key pairs by clicking on Close.

Now we know which certificates are available, so we are ready to sign a document. We demonstrate this with the following sample file.

We want to sign the screenshot of CrypTool, which is to be found in file CrypTool.bmp.

cryptool.gif

This document is opened in CrypTool (via File \ Open).

szenariorsa_sig5.gif

To sign the document it is necessary to select Digital Signatures/PKI \ Sign Message.

szenariorsa_sig6.gif

We want to sign with the RSA encryption algorithm and the RIPEMD-160 hash function. To sign the document, select the key pair and enter the PIN CrypTool, then either press the RETURN key or click on the Sign button.

szenariorsa_sig7.gif

The dialog box closes and the signed document is displayed.

szenariorsa_sig8.gif

The signature is at the start of the document and the document to be signed is at the end, as can be verified easily by comparing with the original document.

A clearer presentation, with separation of the signature and the document, can be obtained by selecting Digital Signatures/PKI \ Extract Signature.

szenariorsa_sig11.gif

We now wish to check that the document has not been altered. To do this, select Digital Signatures/PKI \ Verify signature.

szenariorsa_sig9.gif

Select Joe Smith from the list of signatories and click on the Verify signature button. The following dialog box now appears.

szenariorsa_sig10.gif

So, the message has not been changed.

We now wish to change the message, so we replace the first character in the message, the B, with an A.

szenariorsa_sig12.gif

If we now select Digital Signatures/PKI \ Verify signature, the following dialog box appears.

szenariorsa_sig13.png

Thus, using the RSA signature, CrypTool has detected that the document has been changed.
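
The same sign, verify and tamper sequence can be reproduced in a few lines of Python. This is an added example, not CrypTool's own code. It assumes SHA-256 in place of RIPEMD-160 (which Python's hashlib does not always provide), PKCS #1 v1.5 signature padding, and a fixed demonstration key built from two publicly known Mersenne primes instead of a freshly generated 512-bit key; all names and the "signature followed by document" layout are illustrative.

```python
import hashlib

# Constructed demonstration key from two publicly known Mersenne primes.
# NOT a secure key: it only keeps the example deterministic and offline.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of DigestInfo for SHA-256, as defined for PKCS #1 v1.5.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode(message: bytes) -> int:
    """Hash the message and pad it: 00 01 FF..FF 00 || DigestInfo."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def sign(message: bytes) -> bytes:
    """Signature = encoded_hash^d mod n, as a fixed-length byte string."""
    return pow(encode(message), D, N).to_bytes(K, "big")


def verify(message: bytes, signature: bytes) -> bool:
    """Recompute the encoded hash and compare it with signature^e mod n."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    # Comparing against a fresh encoding avoids parsing attacker-chosen padding.
    return pow(s, E, N) == encode(message)


def demo():
    document = b"BM" + bytes(range(64))    # constructed stand-in for CrypTool.bmp
    blob = sign(document) + document       # signature first, document after it
    sig, doc = blob[:K], blob[K:]          # the "extract signature" step
    unchanged_ok = verify(doc, sig)
    tampered = b"A" + doc[1:]              # replace the leading B with an A
    tampered_ok = verify(tampered, sig)
    return unchanged_ok, tampered_ok


if __name__ == "__main__":
    print(demo())
```
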