Digital Signature and Encryption Example

This web page is intended to provide an idea of the steps needed to digitally sign and encrypt messages. I used openssl to do the work.

Juliet's Message

Juliet wants to send the following message to Romeo:
O Romeo, Romeo! wherefore art thou Romeo?
Deny thy father and refuse thy name;
Or, if thou wilt not, be but sworn my love,
And I'll no longer be a Capulet.

Digital Signatures

Juliet wants to make sure that Romeo knows that the message came from her and no one else. To do this, Juliet needs to create a digest and sign it.

To create a digest, Juliet uses a cryptographic hash function to convert the message into an ID number. It is supposed to be very difficult to create an alternative message with the same ID number. This is the ID number/digest for her message:

MD5(romeo-message)= 4b01c786b36b9a6e281deceaad86374e

Now to sign the digest, Juliet needs a secret private key that one else knows. Here is Juliet's private key:

-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAKkbSUT9/Q2uBfGRau6/XJyZhcF5abo7b37I5hr3EmwGykdzyk8G
SyJK3TOrjyl0sdJsGbFmgQaRyV+DLE7750ECAwEAAQJAESwLKa1dCAmW4uvwXuQh
xGk2kuoAWX/1l3tRGoXiYgO4O0/BjHNNwiAQF1q6q6nQ89SPKwA1/gpw5lOhMDhA
AQIhANWKs6T6e/FO7MTth4j5KTaPAoq8Xqp/0zGtzJzFD0sBAiEAyrrT4osEDa6t
NrlbdGHmIohnLGu550nVhXg4+8ql3EECIFXcSjUonhM9p8fatedmP6L3R49fBDVL
5jAQcLgMKAUBAiApOnV8zOi2H5/6URfYQ1CaFUNmNUJJVyqlSh3MlxnEAQIhAILN
/Oqz6uYzMmgEtP74B+vuI7yRB35TT1VQbgel6pLC
-----END RSA PRIVATE KEY-----
To verify her signature, Juliet needs to publish her public key so that it is available to everyone.
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKkbSUT9/Q2uBfGRau6/XJyZhcF5abo7
b37I5hr3EmwGykdzyk8GSyJK3TOrjyl0sdJsGbFmgQaRyV+DLE7750ECAwEAAQ==
-----END PUBLIC KEY-----

Using her private key, Juliet signs the digest. The combination of her message and her signature (which is long because of "padding") is:

MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="----714A286D976BF3E58D9D671E37CBCF7C"

This is an S/MIME signed message

------714A286D976BF3E58D9D671E37CBCF7C
O Romeo, Romeo! wherefore art thou Romeo?
Deny thy father and refuse thy name;
Or, if thou wilt not, be but sworn my love,
And I'll no longer be a Capulet.

------714A286D976BF3E58D9D671E37CBCF7C
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIIB6gYJKoZIhvcNAQcCoIIB2zCCAdcCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3
DQEHATGCAbYwggGyAgEBMIGcMIGOMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVGV4
YXMxFDASBgNVBAcTC1NhbiBBbnRvbmlvMQ0wCwYDVQQKEwRVVFNBMQswCQYDVQQL
EwJDUzEXMBUGA1UEAxMOYWkuY3MudXRzYS5lZHUxJDAiBgkqhkiG9w0BCQEWFWp1
bGlldEBhaS5jcy51dHNhLmVkdQIJAMvyApGmAWbKMAkGBSsOAwIaBQCggbEwGAYJ
KoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDcwMjEyMjI1
ODU4WjAjBgkqhkiG9w0BCQQxFgQUdBfDe/KmnhmYA9DILxfq/zKlvwEwUgYJKoZI
hvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN
AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEQFbJ
+8cZivvgvrjj8l1QbK2o7gWdWBM9yav6NJR2eBVj3hKGaKQ+7JNbygcqtVcMDIo1
jSpsZas33BvhocwGOqs=

------714A286D976BF3E58D9D671E37CBCF7C--

Encryption

At this point, anyone who received Juliet's message to Romeo can use Juliet's public key to verify that Juliet created the message. However, Juliet might only want Romeo to read and verify her message. To accomplish this, Juliet needs to use Romeo's public key to encrypt the message. Of course, because Romeo wants to use public-key cryptography in order to receive secret, digitally-signed messages from Juliet, he has also published his public key.
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKiJh05asQ4lF7oJQtBxK9zBAyO5iE1n
5+S4zIA9RUsIw6+HZJmd2k1O3SdWVotAnwI3orclEksnt4wEoL1E39ECAwEAAQ==
-----END PUBLIC KEY-----
Juliet uses this key to encrypt her message. This ensures that only Romeo (well, actually, anyone who has Romeo's private key) can read the message. Because her signature is part of the message, Romeo will know that the message came from her. Here is Juliet's signed and encrypted message:
MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p
7m"
Content-Transfer-Encoding: base64

MIIGlQYJKoZIhvcNAQcDoIIGhjCCBoICAQAxggEEMIIBAAIBADCBqTCBmzELMAkG
A1UEBhMCVVMxDjAMBgNVBAgTBVRleGFzMRQwEgYDVQQHEwtTYW4gQW50b25pbzEN
MAsGA1UEChMEVVRTQTEZMBcGA1UECxMQQ29tcHV0ZXIgU2NpZW5jZTEXMBUGA1UE
AxMOYWkuY3MudXRzYS5lZHUxIzAhBgkqhkiG9w0BCQEWFHJvbWVvQGFpLmNzLnV0
c2EuZWR1AgkAoptFaT8fxecwDQYJKoZIhvcNAQEBBQAEQIZ0kPgRARoHzrskKCjB
tAv72y1IsRo/QTA/mVf7FJilBolgLdeuLYcrD2F0xzHp5ESPrHnBV1oUXozyHtHQ
E3AwggVzBgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECMEIukgSyfAJgIIF
SLaH9S7XlajFEZD87vi1ihBmLW74CrFzlfPMbpV+EjoTUIH1oDMEv5LxY3SeyEUo
BEcTE7f3w9e8X1Htq3cPXmAzyuEXW0uoL5VlZuWTyMta2SJMZ/WYsalXVLr/6Fei
Z7G9UDjmRDw3/Y22dxwN/9iAxpC995aZizYHm++hrjgd9mplxPLThT6qiWMrpfUK
SMUVUFCE3pU2ELSvKtMrxFas9LJFVPXbTL/lceL0014QKHG8N3QMc9Ls8kwlkvDq
wZDNDmZCHJVJI4SOqFbZVErFF4RQkf9ttzf1oYncb2mu7mi2J9hNhQ22jxNVxbkw
x19g10jZItwPVRHhmQ2uPw8jpDcYvsMvjAPQf+SBUdjDNjznfDiXsmhBFNzI+GJN
MEpE2lchFa7U4qd85ty/JidfG6/WAasXJdt7hpj689FDfZ91l+zeCLxuHsFI8tDa
s4JbQtKyOMMt/9ml4q0baXxHQ9OU/Z/UZA8K+noBP9xcr7h6Vt3lYXHkgrA3Xp0M
iptFtEaNkRcFJkUcql38em3rduT3Z1+yVFsLUoP6ZHm86cGbjqpc+V1Fwc0kxjZy
X4KmIWWGrbBGIqKmmb39VayMxUqhc20uLlbW8mldRLSLL09Epa4nw6WYXSBd5uR+
j7N7g/LibrcQwfkFGpLXRDFTXgugg/5LXZiFi6UUMV3Yq2ax2uvfPB4Y0f8182XN
96lo37gUZqcIBSa4Cj8NiRPcZogOhjHPJatFS36QZHDdesh6cuMvIuaOIF2BN2+c
/uJ8Fy8iyTmI2Sq8ow4Ic/bOv2HIm9MQocql4ObkHRZTHcqfoKtlfFILAaZtZHl9
25RnQ6WjxFoQ0DBWUQ7F5QKRG/tOxf+9pWYBSB/kUGeLw9rVMuBlRyhTEFTaqONO
QAgvQmpzMC1UQb7MjmOA9DTWqJhnvzJtryoUdoOIyRuvZXddqtny4MfyA6iFl3WB
einncyHydyjGaUHJ0SE0p9rH8s4MbwTMfMocnLFYosZBMhOz0iVNhLqom2nha4Fr
f4wP6yl1CeuOh6VEb6w/qrzPoCOPhAijTKxii9TCkOY1qxRSrVbSSgEgeTdgdqgA
JUIZzFGTFmwWr+l7adyoQfKH1XWB8gfpbeHFovPiePqOV1dRo/CFW9uAxQpMIfa8
D29Vl6CsE8BHi6/1ELuD9yFGuz7GGmERW+eYRNCgfjEdkKuulGImTk4c+dM2CSaZ
PmPQFSo3s/tbWbYH9EX342g1jkHQAmaLbBoDxVF5jMqPS2k2mickJYasdJjat5KK
ujUvpzJitFDYGb849U6v9tjw7ko/CXcJjg1booDzo9QY2x5muBJBHpO+0Hgd3Ett
n/6kb+Ek876hu8vUKKEHflfH5aY8hcmN7aEvmLwzRoqSUb26/mwZxM//+QP8o9XH
t4CO2PMAa33INYLk92IP112uH9Q/AT4t8fhN9lW1GnJIeQxEkrJZowwiPeeO6HEB
dzke8I+XTkUsKLyDZvIsq/IcqmeNejCvzBRTA3INuH9usw/JFFL/YCD+2yRe2BZU
8HDldASRjRQi31VknrV2SOp0oKPaAxHUBj2cvX2sPfqpDIkH839LGN6kZas18lOV
uml7/hald3REGuE3VOVzwbG18hUuiC7QxnR2bYHFqc9WiG/lSAYJk3h6/JF/OmBj
ETOulHdiWv3G+gSU4jFh/xHrxfE2Ix4cJ7GEZRLgAEUYzKXQDzWhsZ4+wfpAkO5G
0FaVsMUndINhayRTvdFgtaQLgXujH+nKdS53N5PHFts1/c6R41P9m0m4YiKI24My
j7PRu11lAGl3

To reverse this process, Romeo uses his private key to decrypt the message and then uses Juliet's public key to verify the signature.

PKI

For these techniques to work in general, a public key infrastructure is needed that maintains a database of public keys and ensures the identity of the owners of the public keys. Currently, digital certificates (which include public keys and signatures), such as used for online shopping, are verified by keeping a list of trusted certificate authorities on your computer (i.e., a digital certificate for each one), which are then used to vertify the digital certificates from the web sites.