Ensure data integrity and trust

When digitally signed, ensuring data has not changed and can be trusted involves two steps:

  1. Verifying the signature.
  2. Validating the verification certificate.

The verification certificate is the certificate containing the public key corresponding to the private key that was used to create the signature in the first place. This certificate is almost always provided as part of the signature that is transported along with the signed data.

Signature verification

Signature verification consists of the following steps:

  1. Compute a hash value over the signed data.
  2. Using the public key in the verification certificate, decrypt the encrypted hash value in the signature.
  3. Ensure the two hash values are equal. If so, the signature is verified. It is known the data has not been changed since it was signed.

Certificate path validation

Certificate path validation ensures a public-key certificate has not been tampered with and can be trusted. All certificates are signed by their issuing certificates. This means each certificate contains a signature that can be checked through the signature verification process previously described. The verification ensures the certificate has not been tampered with. For a given end-entity certificate, the list of certificates from itself through its intermediate certificates to its root certificate is known as the certificate path or chain. (Self-signed or root certificates are signed by themselves.)

Validating a certificate consists of the following steps:

  1. Construct the path from the certificate to its root certificate.
  2. Verify the signature of each certificate in the path.
  3. Ensure that each certificate in the path has not expired.
  4. Ensure that each certificate in the path has not been revoked. See Manage certificate revocation lists (CRLs).
  5. Ensure at least one certificate in the path is trusted. A certificate is trusted if it appears in the appropriate trusted root store (also known as a PSE or personal security environment).

Interchange must always be able to build and validate the complete path of certificates from verification certificate to its root certificate. However, under security implemented for some other systems, the process stops with the first encounter of a trusted certificate.

Related topics

Related Links