A hash value, also called a message digest, is a number generated from a string of text. By definition, no two different texts should produce the same hash value. If an algorithm can produce the same hash for a different string of text, then that algorithm is not collision free and can be cracked. Examples of hash algorithms include MD2, MD5 and SHA-1.
Here’s how to create a hash of a file, and how to detect whether the hash changes when changing the document.
Demonstration of Hashing using CrypTool
- Click on “Indiv Procedures” > Hash > Hash Demonstration.
The message below will appear.
- We have selected the SHA-160 algorithm to generate a hash.
- Since there is no change in text, both the original and modified values are the same. Let’s change the text in the file.
I added the word “modified” to the original document.
The hash values are different because the original and final documents are different.
Generation of HMAC using CrypTool
A specific text produces only one hash value (provided there’s no collision), so a matching hash indicates that the file has integrity. But an attacker could modify the file, recalculate the hash of the modified file, and replace the old hash with the modified one.
That problem is solved using Hash Message Authentication Code (HMAC), which uses a secret key to calculate the hash. That key is secret between the entities. Unless the attacker has the key, they’re unable to calculate a valid hash value of the modified data. To generate an HMAC in CrypTool, perform the following steps:
- Click on “Indiv Procedures” > Hash > Generation of HMACs.
Select the SHA-1 160 bit hash, and leave the key empty.
Because we haven’t selected a key, this message will appear.
- The message shows that the difference between a simple hash and an HMAC is the key.
- Below is the hash, or the HMAC value in this case.
Enter key value “Infosec Institute” and see the difference in the generated HMAC. In this case I have chosen the HMAC to be in front of the message.
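The tampering scenario and the HMAC fix described in this section, as an added Python example that is not part of the original CrypTool walkthrough. The document text is constructed, the key is the value entered above, and the attacker is assumed to guess an empty key.

```python
import hashlib
import hmac

KEY = b"Infosec Institute"   # key value entered in the CrypTool step above
ORIGINAL = b"Infosec document: approve payment of 100 USD"  # constructed sample
MODIFIED = ORIGINAL + b" modified"                          # constructed tampered copy


def plain_hash(data: bytes) -> str:
    """Unkeyed SHA-1 digest (SHA-1 matches the walkthrough); anyone can recompute it."""
    return hashlib.sha1(data).hexdigest()


def make_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA-1 tag; computing a valid one requires the shared secret key."""
    return hmac.new(key, data, hashlib.sha1).hexdigest()


def verify_hash(data: bytes, stored_hash: str) -> bool:
    return hmac.compare_digest(plain_hash(data), stored_hash)


def verify_tag(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest is constant-time, so the comparison does not reveal
    # how much of a forged tag happened to be correct.
    return hmac.compare_digest(make_tag(key, data), tag)


def tamper_plain_hash():
    """Attacker replaces the file and the hash stored alongside it."""
    return MODIFIED, plain_hash(MODIFIED)


def tamper_hmac(guessed_key: bytes = b""):
    """Attacker replaces the file but has to guess the key to rebuild the tag."""
    return MODIFIED, make_tag(guessed_key, MODIFIED)


if __name__ == "__main__":
    print("original hash:", plain_hash(ORIGINAL))
    print("modified hash:", plain_hash(MODIFIED))
    data, digest = tamper_plain_hash()
    print("plain hash accepts tampered file:", verify_hash(data, digest))
    data, tag = tamper_hmac()
    print("HMAC accepts tampered file:", verify_tag(KEY, data, tag))
    print("HMAC accepts original file:",
          verify_tag(KEY, ORIGINAL, make_tag(KEY, ORIGINAL)))
```
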
A digital signature added to a document shows the sender’s identity. It can also provide non-repudiation: the sender cannot deny sending the document, because only the sender has that digital signature. Digital signatures are created through multiple steps. We need to understand all the steps that must be performed before a digital signature can be generated.
Demonstration of digital signatures using CrypTool
Digital Signature Creation
- First we need to generate a hash value of the document. To generate it, we need to select a hashing algorithm. We’ll use the MD5 algorithm.
- Next, generate a key pair. We’ll generate RSA keys. For RSA key generation, two large prime numbers and a mathematical function are required.
- After successfully generating keys, encrypt the hash value generated earlier.
- We need to create a certificate associated with the RSA key. Provide the following details and click on “create certificate.” It’ll be used for communication between the sender and recipient.
- Click on “generate signature” to create a digital signature.
- Click on “store signature.”
Signing with Digital Signature
Select the document to apply the signature. We’ll select our Infosec document.
- Click on “Digital Signature” > Sign.
- Select the digital signature we just created.
Enter the PIN code from the signature creation process, and click on sign.
Verifying the Digital signature
- Click on “Digital Signatures” > Verify signature.
- Select the digital signature created above.
- This message confirms a correct signature.
The difference between HMAC and Digital Signatures
The difference is the type of key being employed. In HMAC, the key that is used is symmetric, whereas digital signatures use an asymmetric key.