Validating a Signature
To validate the signature, reverse the procedure:
- Decrypt the secret key using the reviewer's Public Key data.
- Decrypt the stored digest using the secret key.
- Regenerate the digest value from the saved document.
- Validate the digest by comparing the two values.
If the digest strings are identical, then the data was not compromised and you can prove, with reasonable certainty, that the reviewer did indeed read and approve the data.
To make this work, retrieve the Public Key of the user who signed that data. (The user's identity is stored in the Document table in the DocReviewer field. The user's Public Key information is then retrieved from the KeyData field of the User table.) Here again the RSA provider has a function to help you:
'Validate the signature using
'the Reviewer's public key data
objRSAProvider = New RSACryptoServiceProvider()
'Load the reviewer's public key (the KeyData value); strPublicKeyData is
'assumed to hold that XML string. Without this step the provider would
'generate a fresh key and every signature would fail to verify.
objRSAProvider.FromXmlString(strPublicKeyData)
arStoredSignature = StringToByteArray(strSignature)
If objRSAProvider.VerifyData(arDocText, "MD5", _
        arStoredSignature) Then
    MsgBox("Document is valid!", _
        MsgBoxStyle.Information, "Valid")
Else
    MsgBox("Document is NOT valid!", _
        MsgBoxStyle.Critical, "Not Valid")
End If
The VerifyData function accepts the data, algorithm name, and signature value and returns a Boolean indicating whether the signature matches.
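The procedure above, carried through end to end as an added example rather than code from the article: a reviewer's key pair is generated, the document is signed with the private key, and verification is done with only the public key data (the part that would sit in the KeyData field). It also shows the two failure cases a practitioner should expect to see rejected: a document altered after signing, and a signature checked against the wrong public key. The helper names SignDocument and VerifyDocument and the sample document text are assumptions for this example, and SHA256 is used in place of the article's MD5, because MD5 collisions allow two different documents to share one digest, which is exactly what the tamper check relies on not happening.

```vbnet
' Added example (not from the original article): full sign-and-verify round trip
' with RSACryptoServiceProvider. Assumes .NET Framework or .NET Core 3.0+
' (FromXmlString/ToXmlString); helper names below are illustrative.
Imports System
Imports System.Text
Imports System.Security.Cryptography

Module SignatureDemo

    ' Sign the document text with the reviewer's private key. The signature is
    ' returned as Base64 so it can be stored in a text column.
    Public Function SignDocument(ByVal docText As String, ByVal privateKeyXml As String) As String
        Dim data As Byte() = Encoding.UTF8.GetBytes(docText)
        Using rsa As New RSACryptoServiceProvider()
            rsa.FromXmlString(privateKeyXml)   ' contains the private exponent
            ' SHA256 instead of MD5: the digest is what the signature protects,
            ' so a collision-resistant hash is required for the check to mean anything.
            Dim signature As Byte() = rsa.SignData(data, "SHA256")
            Return Convert.ToBase64String(signature)
        End Using
    End Function

    ' Verify using only the public key data (what the KeyData field would hold).
    Public Function VerifyDocument(ByVal docText As String, ByVal signatureB64 As String, ByVal publicKeyXml As String) As Boolean
        Dim data As Byte() = Encoding.UTF8.GetBytes(docText)
        Dim signature As Byte() = Convert.FromBase64String(signatureB64)
        Using rsa As New RSACryptoServiceProvider()
            rsa.FromXmlString(publicKeyXml)    ' modulus and public exponent only
            Return rsa.VerifyData(data, "SHA256", signature)
        End Using
    End Function

    Sub Main()
        ' Constructed sample: generate a fresh key pair for the reviewer.
        Dim privateKeyXml As String
        Dim publicKeyXml As String
        Using rsa As New RSACryptoServiceProvider(2048)
            privateKeyXml = rsa.ToXmlString(True)    ' private and public parameters
            publicKeyXml = rsa.ToXmlString(False)    ' public parameters only
        End Using

        ' Constructed sample document.
        Dim docText As String = "Quarterly report: revenue 1,200,000"
        Dim signature As String = SignDocument(docText, privateKeyXml)

        ' Expected: True
        Console.WriteLine("Original verifies: " & VerifyDocument(docText, signature, publicKeyXml).ToString())

        ' A single changed figure in the stored document must be rejected. Expected: False
        Dim tampered As String = docText.Replace("1,200,000", "1,300,000")
        Console.WriteLine("Tampered verifies: " & VerifyDocument(tampered, signature, publicKeyXml).ToString())

        ' The same text checked against another user's public key must be rejected. Expected: False
        Dim otherPublicKeyXml As String
        Using rsa As New RSACryptoServiceProvider(2048)
            otherPublicKeyXml = rsa.ToXmlString(False)
        End Using
        Console.WriteLine("Wrong key verifies: " & VerifyDocument(docText, signature, otherPublicKeyXml).ToString())
    End Sub

End Module
```

Only the public parameters leave the signing machine: ToXmlString(False) is what gets stored per user, and VerifyDocument never needs anything else. The third check matters in the article's schema because DocReviewer selects which KeyData row is loaded; verifying with the wrong row fails the same way tampering does, so an unexpected False should prompt a look at both the document and the key lookup.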
Use What You've Learned
Now that you have gained a better understanding of Public Key Infrastructures and Digital Signatures, you can use them in real-life applications. Of course, commercial applications use a more complicated and robust approach in their PKI implementations. If you're interested in learning more about cryptography and PKI, a good place to start is the RSA Labs Web site. It contains several documents explaining how the keys and signatures are generated.