Common Data Security Architecture (CDSA) White Paper

Cryptography Service Provider (CSP) API

unique set of bits corresponding to the data. Typically generated hashes are very small (e.g. 20 bytes).

[2] A encrypts the hash using A’s private key to create A’s “digital signature.”

[3] A passes the digital signature, encrypted symmetric key, and bulk-encrypted data to B.

[4] B uses B’s private key to decrypt the encrypted symmetric key.

[5] B uses the symmetric key to decrypt A’s bulk-encrypted data.

[6] With knowledge of what hash function A used to generate A’s digital signature, B calculates the hash over A’s data.

[7] B uses A’s public key to decrypt A’s hash of A’s data.

[8] B compares A’s hash of A’s data to B’s hash of A’s data.

Since only A’s public key can decrypt data that A encrypted using A’s private key, B knows that the data came from A, and further, that it has not been tampered with, since A’s hash of A’s data and B’s hash of A’s data are identical.
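The exchange in steps [2] through [8], as an added Python example that is not part of the white paper and does not use the CDSA API. The key pairs, the textbook (unpadded) RSA helper, the XOR keystream standing in for the symmetric cipher, and the choice of SHA-1 to match the 20-byte hash size are all assumptions made so the flow runs with the standard library alone.

```python
import hashlib
import secrets

E = 65537  # public exponent

def make_keypair(p, q):
    """Textbook RSA from two fixed primes (constructed, unpadded, illustration only)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

# Constructed key pairs built from known Mersenne primes so the example runs offline.
A_PUB, A_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
B_PUB, B_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

def rsa(value, key):
    n, exponent = key
    return pow(value, exponent, n)

def xor_stream(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def a_send(data):
    digest = hashlib.sha1(data).digest()                      # 20-byte hash of A's data
    signature = rsa(int.from_bytes(digest, "big"), A_PRIV)    # [2] sign with A's private key
    sym_key = secrets.token_bytes(16)                         # fresh symmetric key
    enc_key = rsa(int.from_bytes(sym_key, "big"), B_PUB)      # wrap it for B
    return signature, enc_key, xor_stream(sym_key, data)      # [3] what A passes to B

def b_receive(signature, enc_key, ciphertext):
    sym_key = rsa(enc_key, B_PRIV).to_bytes(32, "big")[-16:]  # [4] unwrap the symmetric key
    data = xor_stream(sym_key, ciphertext)                    # [5] decrypt the bulk data
    b_hash = int.from_bytes(hashlib.sha1(data).digest(), "big")  # [6] B's hash of A's data
    a_hash = rsa(signature, A_PUB)                            # [7] recover A's hash
    return data, a_hash == b_hash                             # [8] compare the two hashes

if __name__ == "__main__":
    msg = b"constructed sample payload " * 4
    sig, ek, ct = a_send(msg)
    print(b_receive(sig, ek, ct)[1])                           # untouched message
    print(b_receive(sig, ek, bytes([ct[0] ^ 1]) + ct[1:])[1])  # one bit flipped in transit
```
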

All of the basic cryptographic operations discussed above (symmetric key encryption, dual asymmetric key cryptography, hashing, and digital signatures) are among the HP CDSA library’s capabilities. The APIs for using CDSA are discussed in the sections that follow.


Chapter 1