Common Data Security Architecture (CDSA) White Paper
Cryptography Service Provider (CSP) API
unique set of bits corresponding to the data. Typically generated hashes are very small (e.g. 20 bytes).
[2]A encrypts the hash using A’s private key to create A’s “digital signature.”
[3]A passes the digital signature, encrypted symmetric key, and
[4]B uses B’s private key to decrypt the encrypted symmetric key.
[5]B uses the symmetric key to decrypt A’s
[6]With knowledge of what hash function A used to generate A’s digital signature, B calculates the hash over A’s data.
[7]B uses A’s public key to decrypt A’s hash of A’s data.
[8]B compares A’s hash of A’s data to B’s hash of A’s data.
Since only A’s public key can decrypt data that A encrypted using A’s private key, B knows that the data came from A, and further, that it has not been tampered with, since A’s hash of A’s data and B’s hash of A’s data are identical.
All basic cryptographic operations discussed above (symmetric key encryption, dual assymetric key cryptography, hashing, and digital signatures) can be found in the HP CDSA library’s capabilities. The APIs for using CDSA are discussed in the sections that follow.
24 | Chapter 1 |