# The Importance of Digital Signature in Asymmetric Key Encryption
Most of asymmetric key encryption including RSA-OAEP does not guarantee authenticity on its own because the public key, used for encryption, is widely known. Anyone could use this public key to encrypt a message.
Let us put this in the scenario of Alice and Bob
1. Alice wants to send a confidential message to Bob:
- Alice encrypts the message using Bob's public key to ensure confidentiality. She uses RSA-OAEP encryption, a widely-used asymmetric encryption scheme.
2. Eve's eavesdropping:
- Eve intercepts the encrypted message as it travels from Alice to Bob. Since the public key used for encryption is publicly available, Eve can obtain it easily.
- Using Bob's public key, Eve encrypts different message then sends the message to Bob.
3. Bob receives the tampered message:
- Bob having no idea about Eve tampering the message, decrypts it and reads the tampered message instead of the confidential message.
Hence, asymmetric encryption is commonly paired with digital signatures to guarantee authenticity.
Now, let us put this in the same scenario but now with digital signature and utilizing the encrypt-then-sign and verify-then-decrypt scheme:
1. Alice wants to send a confidential message to Bob:
- Alice encrypts the confidential message using Bob's public key.
- Alice then signs the encrypted message using her own private key.
- Alice sends the encrypted message and digital signature to Bob.
2. Eve wants to intercept the encrypted message:
- Eve intercepts the message, encrypts a different message using Bob's public key and sends the encrypted message to Bob.
- However, since Eve don't have Alice's private key, she can only sign it with her own key or another key, or she can send Alice's signature together with the tampered message.
- Eve then sends the tampered encrypted message to Bob and the signature.
3. Bob receives the tampered message:
- Bob verifies the signature of the message using Alice's public key.
- Verification will fail since the hash of the tampered message don't match with Alice's decrypted signature.
- Moreover, if Bob verifies Eve's signature instead, the verification will still fail because it will not match Alice's public key.
4. Bob receives the confidential message and signature from Alice:
- Bob verifies the signature using Alice's public key. This involves decrypting the signature using Alice's public key and comparing it to a hash of the original message. Since the message is not tampered and was also signed by Alice, the decrypted signature and the hash of the message will match, thus verification succeeds.
- Since the verification succeeds, Bob can then trust the authenticity of the message and proceeds with decrypting the message.
Conclusion:
While RSA encryption effectively safeguards the confidentiality of data through asymmetric key encryption, it lacks a built-in mechanism for verifying authenticity. This gap leaves room for potential tampering by malicious individuals, as illustrated in the scenario involving Eve's interception and manipulation of messages between Alice and Bob.
To address this vulnerability, it is common practice to utilize digital signatures alongside asymmetric encryption. By combining these two methods and adhering to the encrypt-then-sign and verify-then-decrypt protocol, users can ensure both the secrecy and authenticity of their communications.
This strategy allows Alice to transmit sensitive messages to Bob securely, with assurance that the message's integrity remains intact and its origin is validated. Upon receipt, Bob can confidently verify the authenticity of the message using Alice's public key before proceeding with decryption, thus ensuring that the message has not been tampered with and indeed originated from Alice.
In essence, the integration of digital signatures complements RSA encryption by offering a comprehensive solution that addresses both confidentiality and authenticity concerns in secure communication.
Sign in with Wallet
Connect another wallet