{"id":15183,"date":"2021-11-18T12:27:50","date_gmt":"2021-11-18T17:27:50","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=15183"},"modified":"2021-11-19T13:16:15","modified_gmt":"2021-11-19T18:16:15","slug":"public-key-signature","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/public-key-signature\/","title":{"rendered":"Public Key Signature: What It Is &#038; Why It&#8217;s Everywhere"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-pki-digital-signatures-can-be-found-virtually-everywhere-from-digitally-signed-emails-and-software-to-secure-websites-we-ll-break-down-what-a-pki-signature-is-and-how-it-helps-protect-your-data-s-integrity\">PKI digital signatures can be found virtually everywhere \u2014 from digitally signed emails and software to secure websites. We\u2019ll break down what a PKI signature is and how it helps protect your data\u2019s integrity<\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignright size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2020\/01\/internet-dog-comic-1.png\" alt=\"A comic that shows two dogs talking, and the one sitting in front of a computer says, &quot;On the internet, nobody knows you're a dog.&quot;\" class=\"wp-image-12011\" width=\"333\" height=\"370\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2020\/01\/internet-dog-comic-1.png 660w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2020\/01\/internet-dog-comic-1-269x300.png 269w\" sizes=\"auto, (max-width: 333px) 100vw, 333px\" \/><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Remember when you were a kid and your parents told you that if you put your mind to it, you can do or be anything you want? Well, on the internet, that is kind of true. You can pretty much make your own truth about yourself \u2014 you could be a teenager, an adult, or a company\u2019s CEO. 
Without a way to prove your claims are legitimate, no one will be any the wiser.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Cybercriminals know this and love to take advantage of it. That\u2019s why we have all the issues that we do today relating to phishing and other sorts of predatory cyber attack techniques. Before the internet, you had to meet up with someone face to face to securely exchange information or send coded, encrypted messages.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But now that people are communicating and doing business with others across the world instantaneously, face-to-face meetups are no longer feasible in most cases. So, to protect yourself and your customers, you need to have a way to prove your identity online and help people know that your emails, files, and software are legitimate and haven\u2019t been faked. This is where PKI signatures come into play.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But what is a public key signature? How is a digital signature different from other electronic signatures? And where can you find PKI digital signatures in action?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s hash it out.<span id=\"newline\"><\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-is-a-public-key-signature-a-simple-pki-digital-signature-definition-analogy\">What Is a Public Key Signature? A Simple PKI Digital Signature Definition &amp; Analogy<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Before we can dive head-first into the nitty-gritty of public key signatures, it would be smart to at least briefly recap what a digital signature is as well as the role it plays in <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-pki-a-crash-course-on-public-key-infrastructure-pki\/\">public key infrastructure<\/a> (PKI). 
After all, you can\u2019t run the play if you don\u2019t know the rules.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A <strong>PKI signature<\/strong> is a form of verifiable digital identity that helps you prove you (or something you create) is real. In a way, it\u2019s kind of like a fingerprint because it\u2019s something that uniquely identifies you. However, it\u2019s more than \u201cjust\u201d identity. A digital signature is a way for your organization to affirm its legitimacy through the use of a digital certificate (such as a code signing certificate) and a cryptographic key.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In a nutshell, using a PKI digital signature enables you to attach your verifiable identity to software, code, emails, and other digital communications so people know they\u2019re not fake. This helps you:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>Prove your identity so you can do things that require authorized access (authentication)<\/li><li>Assert your organization\u2019s digital identity so people know you\u2019re you and not an imposter (non-repudiation) using the signature and other tools (such as timestamping), and<\/li><li>Protect and prove the authenticity of your messages, files, connections and data (data integrity).<\/li><\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">If that all seems a bit complicated, let\u2019s break this down with more of a simple analogy\u2026<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-a-public-key-signature-pki-digital-signature-is-the-wax-seal-of-internet-communications\">A Public Key Signature (PKI Digital Signature) Is the Wax Seal of Internet Communications<\/h3>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"961\" height=\"616\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/public-key-signature-wax-example2.jpg\" alt=\"A stock image that shows a wax seal on an old fashioned handwritten message\" 
class=\"wp-image-15185\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/public-key-signature-wax-example2.jpg 961w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/public-key-signature-wax-example2-300x192.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/public-key-signature-wax-example2-768x492.jpg 768w\" sizes=\"auto, (max-width: 961px) 100vw, 961px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">A PKI signature is the modern equivalent of a <a href=\"https:\/\/www.britannica.com\/technology\/sealing-wax\">wax seal<\/a> that people historically would use to secure sensitive communications. Before the internet or the invention of the telephone, people would either meet up in person or communicate remotely via written letters. Of course, without digital communications, these messages would have to be delivered by hand \u2014 via train, boat, or horseback riders \u2014 which means that these messages could be intercepted on their way to their intended recipients.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Say you want to send a sensitive message to a friend. You\u2019d want to have a way to let them know that you signed it and that the message hasn\u2019t been tampered with in any way. Years ago, you\u2019d use a wax seal to achieve this. This process would entail:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Melting some wax,<\/li><li>Pouring it on the envelope, pressing your personal seal (i.e., stamp) into the wax, and<\/li><li>Giving the wax time to harden.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">When your friend receives your message, they\u2019ll see that the wax seal is intact. 
This unbroken wax seal indicates that your message is legitimate in two crucial ways:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>The crest proves your identity because you should be the only one with that stamp.<\/strong> Sealing the message with your individual crest lets the recipient know that you\u2019re the one who sealed the message.<\/li><li><strong>The unbroken wax seal means no one altered the message in transit. <\/strong>This lets your friend know that the message\u2019s integrity has been protected and that no one altered it since you sent it.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">In much the same way, communications on the internet also need to have these same types of protections. While they\u2019re not being sent by horseback, <a href=\"https:\/\/www.hp.com\/us-en\/shop\/tech-takes\/how-does-the-internet-work\">digital communications pass through a lot of \u201chands\u201d<\/a> as they transmit across the internet in the form of servers, routers, and other intermediates until they reach the right destination. This means that cybercriminals would have many opportunities to alter or manipulate your information in transit if there wasn\u2019t a way for the recipient to verify the message\u2019s integrity.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Here\u2019s a great video from Computerphile that helps to explain PKI digital signatures in another way:<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"What are Digital Signatures? 
- Computerphile\" width=\"960\" height=\"540\" src=\"https:\/\/www.youtube.com\/embed\/s22eJ1eVLTU?start=1&#038;feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-pki-digital-signature-vs-electronic-signature\">PKI Digital Signature vs Electronic Signature<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">People often mistakenly conflate PKI digital signatures and electronic signatures as being the same, but that\u2019s not quite true. Yes, a digital signature is a type of electronic signature, but <em>not all electronic signatures are digital signatures<\/em>. It\u2019s kind of like how all iPhones are smartphones but not all smartphones are iPhones. Sure, they both are a way to say you\u2019re someone on the internet, but only one of them (*cough*PKI signature*cough*) can actually help you prove your identity because it\u2019s more than <em>just<\/em> an online signature that can be altered.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"839\" height=\"654\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/pki-digital-signature-vs-electronic-elvis-example.jpg\" alt=\"An illustrative example that shows an electronic version of Elvis Presley's signature in comparison to a PKI digital signature\" class=\"wp-image-15186\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/pki-digital-signature-vs-electronic-elvis-example.jpg 839w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/pki-digital-signature-vs-electronic-elvis-example-300x234.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/pki-digital-signature-vs-electronic-elvis-example-768x599.jpg 768w\" sizes=\"auto, (max-width: 839px) 100vw, 839px\" \/><figcaption>With standard electronic signatures 
(on the left), there\u2019s no way to prove who really did the signature. But with PKI signatures (on the right) there\u2019s a clear trail to prove who created the signature. <\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">It\u2019s kind of like getting an autograph of your favorite athlete \u2014 like, say, quarterback Tom Brady. (Sorry, Pats fans, Tom is ours now! #TampaBayBucs) Sure, you could just walk up to Tom at a bar and ask him to sign something. But without having some way to authenticate that his signature is real \u2014 like, say, an official certificate of authenticity \u2014 then someone could argue that <em>anyone<\/em> could have signed his name.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Or, for all they know, you really could have gotten Tom to autograph one item. But what would stop you from sitting at home on the weekends, using his signature as an example so that you can forge his autograph on a bunch of Buccaneer\u2019s team gear that you want to sell? Well, nothing, unless your prospective buyers had a way to verify the autograph\u2019s legitimacy.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is kind of like the difference between an electronic signature and a digital signature:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>An electronic signature is signing your name in an electronic format.<\/strong> Instead of putting a physical ink-writing pen to paper, you\u2019re signing your name using electronic means. 
&nbsp;<\/li><li><strong>A PKI digital signature is like a certificate of authenticity.<\/strong> In this way, a public key signature is a way for you to sign something so that others can verify:<\/li><li>You, as the legitimate person or organization representative, actually signed the email, file, or software, and<\/li><li>The item you signed hasn\u2019t been modified or tampered with since you signed it.<\/li><\/ul>\n\n\n<span style=\"--tl-form-height-m:861.156px;--tl-form-height-t:899.625px;--tl-form-height-d:899.625px;\" class=\"tl-placeholder-f-type-shortcode_12653 tl-preload-form\"><span><\/span><\/span>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-two-cryptographic-processes-are-integral-to-the-digital-signing-process\">Two Cryptographic Processes Are Integral to the Digital Signing Process<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To really get at the heart of understanding public key signatures, you need to know about two cryptographic processes that play pivotal roles in their creation: encryption and hashing.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-encryption\">Encryption<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This cryptographic process takes a mathematical algorithm and applies it to plaintext (readable) data to \u201cscramble\u201d it into an unreadable state. It can use:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>a single key to encrypt data and decrypt data (<a href=\"https:\/\/www.thesslstore.com\/blog\/symmetric-encryption-101-definition-how-it-works-when-its-used\/\">symmetric encryption<\/a>), or it can use<\/li><li>two separate keys (asymmetric encryption) to do the same.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">As you can see, there are some key differences (excuse the pun) between <a href=\"https:\/\/www.thesslstore.com\/blog\/asymmetric-vs-symmetric-encryption\/\">asymmetric and symmetric encryption<\/a>. 
Regardless of those differences, the process is, essentially, reversible (using the decryption key), which means that <strong>encryption is a two-way function<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In digital signatures, encryption is used to specifically encrypt the hash data to create the digital signature. (It doesn\u2019t encrypt the file or email you want to digitally sign \u2014 it only encrypts the hash value.)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-hashing\">Hashing<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Hashing is a cryptographic function that also applies a mathematical algorithm to data and files. However, its purpose is different than an encryption algorithm \u2014 a hashing algorithm takes data of any length and maps it to an output (hash value) of a specific length. For example, you can take a single sentence or an entire book, apply a <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-a-hash-function-in-cryptography-a-beginners-guide\/\">hash function<\/a> to it, and the result will be an output (hash value) of the same length.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Because the process isn\u2019t reversible, there\u2019s not a key that reverts or maps the hash value back to the original input. This means that <strong>hashing is a<\/strong> <strong>one-way cryptographic function<\/strong>. (You know\u2026 because hashing only works in one direction.)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-5-uses-for-a-public-key-signature\">5 Uses for a Public Key Signature <\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In truth, digital signatures can be found all across the internet. For example, you can use digital signatures in the following applications:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-1-enabling-https-on-websites\">1. 
Enabling HTTPS on Websites<\/h3>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignright size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/the-ssl-store-digital-signature-certificate-chain.png\" alt=\"A screenshot of an SSL\/TLS certificate chain of trust \" class=\"wp-image-15187\" width=\"268\" height=\"333\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/the-ssl-store-digital-signature-certificate-chain.png 588w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/the-ssl-store-digital-signature-certificate-chain-241x300.png 241w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/the-ssl-store-digital-signature-certificate-chain-75x94.png 75w\" sizes=\"auto, (max-width: 268px) 100vw, 268px\" \/><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">A <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-a-website-security-certificate-and-what-does-it-do-for-your-business\/\">website security certificate<\/a>, or what\u2019s known as an SSL\/TLS certificate, is one of the most central components of security on the internet. Installing this certificate on your server enables you to secure your website using the secure HTTPS protocol. Enabling HTTPS means that whenever customers connect to your website, their individual connections (and any data they share during their session) will be secured using encryption. This is what makes that nifty little padlock icon appear in your browser.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A digital signature is a part of what\u2019s known as the <a href=\"https:\/\/www.thesslstore.com\/blog\/explaining-ssl-handshake\/\">TLS handshake<\/a> (or what some people still call the SSL handshake). 
We won\u2019t get into all of the specifics here, but the first part of the handshake involves the website\u2019s server and user\u2019s browser exchanging information (including the server\u2019s SSL\/TLS certificate and digital signatures) via an asymmetric encrypted connection. Using a digital signature helps the server prove that it\u2019s the legitimate server for the website you\u2019re trying to visit.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-2-signing-digital-documents-to-prove-their-legitimacy\">2. Signing Digital Documents to Prove Their Legitimacy<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">A <a href=\"https:\/\/www.thesslstore.com\/digicert\/document-signing.aspx\">document signing certificate<\/a> enables you to apply your digital signature to many types of documents, including Microsoft Office documents and PDFs (depending on the specific certificate you use). Here\u2019s a quick example of what a digital signature looks like:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"490\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/public-key-signature-pdf-sectigo-example-1024x490.png\" alt=\"A screenshot of a digitally signed email's public key signature message\" class=\"wp-image-15188\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/public-key-signature-pdf-sectigo-example-1024x490.png 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/public-key-signature-pdf-sectigo-example-300x144.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/public-key-signature-pdf-sectigo-example-768x368.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/public-key-signature-pdf-sectigo-example.png 1063w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"h-3-providing-extra-security-to-sensitive-emails\">3. Providing Extra Security to Sensitive Emails<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Using an email signing certificate (i.e., an S\/MIME certificate) allows you to apply your digital signature to your emails. This provides identity assurance and protects the integrity of your communications.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"284\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/email-public-key-signature-digital-signature-example-1024x284.png\" alt=\"A screenshot of a digitally signed email\" class=\"wp-image-15189\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/email-public-key-signature-digital-signature-example-1024x284.png 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/email-public-key-signature-digital-signature-example-300x83.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/email-public-key-signature-digital-signature-example-768x213.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/email-public-key-signature-digital-signature-example.png 1138w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Note:<\/strong> For extra security, you can also use this certificate to send encrypted emails (to users who also use email signing certificates). 
This provides secure, end-to-end encryption that protects your data both while it\u2019s bouncing between servers and routers and sitting on your recipient\u2019s email server.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"457\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/email-public-key-signature-digital-signature-message-example.png-1024x457.jpg\" alt=\"Screenshots of an encrypted email message and its corresponding email signing certificate, which uses a digital signature\" class=\"wp-image-15190\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/email-public-key-signature-digital-signature-message-example.png-1024x457.jpg 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/email-public-key-signature-digital-signature-message-example.png-300x134.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/email-public-key-signature-digital-signature-message-example.png-768x342.jpg 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/email-public-key-signature-digital-signature-message-example.png.jpg 1209w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-4-securing-your-software-and-saas-supply-chain\">4. Securing Your Software and SaaS Supply Chain<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Using a <a href=\"https:\/\/www.thesslstore.com\/products\/code-signing-certificates.aspx\">code signing certificate<\/a> helps you to protect your supply chain. 
It also offers assurance to users who download your software that your software is both legitimate and unmodified.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When you sign your software using a code signing certificate, you\u2019ll display your verified company organization information (as shown in the screenshot on the right):<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"419\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/known-publish-vs-unknown-publisher-comparison-1024x419.png\" alt=\"A side-by-side comparison set of screenshots that shows the message that appears for software from an unknown publisher versus a known publisher.\" class=\"wp-image-15191\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/known-publish-vs-unknown-publisher-comparison-1024x419.png 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/known-publish-vs-unknown-publisher-comparison-300x123.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/known-publish-vs-unknown-publisher-comparison-768x314.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/known-publish-vs-unknown-publisher-comparison.png 1047w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>A side-by-side comparison of what it looks like when you have software that\u2019s signed using a code signing certificate (right) versus unsigned software (left). See the difference between \u201cPublisher: Unknown\u201d and \u201cVerified publisher: Microsoft Corporation\u201d messages? That\u2019s an example of digital identity in action. 
<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Of course, unsigned software (and software signed using standard code signing certificates) can also trigger Windows SmartScreen warning messages \u2014 the difference would be that digitally signed software would display the verified publisher information instead of \u201cUnknown publisher.\u201d<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"865\" height=\"811\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/windows-smartscreen-unknown-publisher.png\" alt=\"A screenshot of the Windows Defender SmartScreen &quot;Unknown Publisher&quot; warning\" class=\"wp-image-15192\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/windows-smartscreen-unknown-publisher.png 865w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/windows-smartscreen-unknown-publisher-300x281.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/windows-smartscreen-unknown-publisher-768x720.png 768w\" sizes=\"auto, (max-width: 865px) 100vw, 865px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">To avoid displaying Windows SmartScreen messages, be sure to sign your software, code, and other executables using an <a href=\"https:\/\/www.thesslstore.com\/digicert\/code-signing-ev-certificate.aspx\">extended validation code signing certificate<\/a>. Using this PKI digital signature ensures Microsoft and its browsers automatically trust your software.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-5-enabling-secure-two-way-authentication-mutual-authentication\">5. Enabling Secure, Two-Way Authentication (Mutual Authentication)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Remember the SSL\/TLS handshake that we mentioned earlier? 
Well, in two-way authentication, or what\u2019s known as mutual authentication, both the server <em>and<\/em> the client prove their identities to one another. This means that in addition to the server providing its information to the client, the client must do the same by providing information to the server.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This information includes a generated hash value, digital client certificate, and cryptographic public key. The client generates the hash using data it exchanges with the server and encrypts the fixed length string using its private key (which is mathematically related to the public key it shares).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Here\u2019s a basic overview of how this process works:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"696\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/how-two-way-authentication-works-1024x696.png\" alt=\"An illustration depicting how mutual authentication works using public key signatures\" class=\"wp-image-15193\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/how-two-way-authentication-works-1024x696.png 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/how-two-way-authentication-works-300x204.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/how-two-way-authentication-works-768x522.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/how-two-way-authentication-works.png 1028w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>This illustration communicates the basic concepts of how two-way authentication works and the role PKI digital signatures play within the process. 
<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-using-a-public-key-signature-matters-to-your-business-customers\">Why Using a Public Key Signature Matters to Your Business &amp; Customers<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Public key signatures are essential in an internet-oriented world. As <a href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2021-11-10-gartner-says-cloud-will-be-the-centerpiece-of-new-digital-experiences\">more companies are moving to the cloud<\/a> and relying on this public network to conduct business and provide services, the roles of identity and integrity in security become more important.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Of course, we\u2019ve talked about the reasons why it\u2019s so important at length in a previous article. Be sure to check out our article on <a href=\"https:\/\/www.thesslstore.com\/blog\/digital-signatures-why-you-should-sign-everything\/\">why you should use digital signatures to sign everything<\/a>. But we\u2019ll quickly summarize the key reasons here for you about why digital signatures matter:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Attaches your identity to your software or communications. <\/strong>The best way to help users know whether your software or communications are legitimate is by giving them a way to verify your identity.<\/li><li><strong>Helps you protect your supply chain.<\/strong> If you\u2019re a software developer or publisher, one of the worst things that can happen is if someone uses your supply chain to attack customers while impersonating you. 
By signing your software or other executables, you\u2019re providing a way for users to verify whether your code is legitimate or if it\u2019s been altered after it was signed.<\/li><li><strong>Protects your organization\u2019s reputation.<\/strong> If you have a verifiable way to prove that you\u2019re authentic and your products or files are trustworthy, prospective customers are more likely to want to do business with you.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-wrapping-up-public-key-signatures-tl-dr\">Wrapping Up Public Key Signatures (TL;DR)<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Thanks to all of you who\u2019ve stuck through this article to get to this point. For those of you who\u2019ve decided to skip to the end for the \u201ctoo long; didn\u2019t read\u201d portion of our article, welcome. We know your time is precious, so here\u2019s a quick overview of what we\u2019ve covered in this article so you can skim and head out on your way.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A digital signature is the modern wax seal for sensitive communications.<\/li><li>Organizations use digital signatures to assert their identity and ensure the integrity of their communications, files, software, and connections. 
Simply put, PKI signatures:<ul><li>Identify you as you (and not an imposter).<\/li><\/ul><ul><li>Provide verification techniques to help prove that the message came from you (i.e., not someone else).<\/li><\/ul><ul><li>Protect the integrity of your communications and data so recipients know it\u2019s legitimate (not fake).<\/li><\/ul><\/li><li>Public key signatures are a type of electronic signature (but that doesn\u2019t mean all electronic signatures are digital signatures).<\/li><li>PKI digital signatures rely on public key infrastructure and cryptographic components like certificates and keys.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">All of this is to say that this cryptographic technique is all about helping companies prove their authenticity and giving users a way to verify that files, software, and other information haven\u2019t been manipulated or altered since they were digitally signed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Stay tuned next week for a related article that will break down how digital signatures work.<\/p>\n\n\n<span style=\"display:none\" class=\"tl-placeholder-f-type-shortcode_15135\"><\/span>\n","protected":false},"excerpt":{"rendered":"<p>PKI digital signatures can be found virtually everywhere \u2014 from digitally signed emails and software to secure websites. 
We\u2019ll break down what a PKI signature is and how it helps&#8230;<\/p>\n","protected":false},"author":17,"featured_media":15198,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16],"tags":[13145,13144,13143],"class_list":["post-15183","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","tag-digital-signature","tag-pki-signature","tag-public-key-signature","post-with-tags"],"views":22510,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/public-key-signature-feature.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/15183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=15183"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/15183\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/15198"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=15183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=15183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=151
83"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}