
# Digital Signatures and Certificates

### Importance of Digital Signatures

Digital signatures are a crucial component of modern cryptographic systems. They provide a way to ensure the authenticity and integrity of digital messages or documents. By using a digital signature, you can verify that a document was created by a legitimate source and that it has not been altered in transit.

#### Key Benefits:

* **Authentication**: Confirms the identity of the sender.
* **Integrity**: Ensures that the message or document has not been tampered with.
* **Non-repudiation**: Prevents the sender from denying having sent the message.

Digital signatures are widely used in various applications such as software distribution, financial transactions, and secure communications.

***

### How Digital Signatures Ensure Authenticity

A digital signature is generated using the sender's private key and can be verified by anyone using the sender's public key. The process involves two main steps:

1. **Signing**:
   * The sender creates a hash of the message or document.
   * This hash is then encrypted with the sender's private key to create the digital signature.
   * The signature is attached to the message or document.
2. **Verification**:
   * The recipient decrypts the signature using the sender's public key to retrieve the hash.
   * The recipient also computes the hash of the received message or document.
   * If the computed hash matches the decrypted hash, the signature is valid, confirming authenticity and integrity.

***

### Working with Digital Certificates and Signatures in Python

Digital certificates and signatures are essential for establishing trust in digital communications. Certificates are used to verify the identity of the certificate holder and are typically issued by a trusted Certificate Authority (CA).

#### Example: Generating and Verifying Digital Signatures with RSA

To work with digital signatures in Python, we'll use the `pycryptodome` library.

**Generate Digital Signature**

```python
from Crypto.PublicKey import RSA
from Crypto.Signature import pkcs1_15
from Crypto.Hash import SHA256

# Generate RSA key pair
key = RSA.generate(2048)

# Export the private and public keys (PEM-encoded bytes)
private_key = key.export_key()
public_key = key.publickey().export_key()

# Save the public key so the verification step can load it from public.pem
with open('public.pem', 'wb') as f:
    f.write(public_key)

# Define the message
message = b"This is a confidential document."

# Create a SHA-256 hash of the message
digest = SHA256.new(message)

# Sign the hash with the private key
signature = pkcs1_15.new(RSA.import_key(private_key)).sign(digest)

print(f"Signature: {signature.hex()}")
```

**Verify Digital Signature**

```python
from Crypto.PublicKey import RSA
from Crypto.Signature import pkcs1_15
from Crypto.Hash import SHA256

# Load the public key written by the signing step
with open('public.pem', 'rb') as f:
    public_key = RSA.import_key(f.read())

# Define the message and compute its hash
message = b"This is a confidential document."
digest = SHA256.new(message)

# Verify the signature (`signature` is the value produced in the signing step)
try:
    pkcs1_15.new(public_key).verify(digest, signature)
    print("Signature is valid.")
except (ValueError, TypeError):
    print("Signature is invalid.")
```

### Example: Working with Digital Certificates

Digital certificates are often used to provide secure communication over the internet. They typically contain the public key of the certificate holder and are signed by a Certificate Authority (CA).

#### Example: Loading and Verifying a Digital Certificate

For demonstration purposes, we will use an existing certificate and verify its signature. This involves parsing the certificate, extracting the public key of the CA that issued it, and verifying the certificate's signature, which the CA computed over the certificate's to-be-signed (TBS) portion.

```python
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric import padding

# Load and parse the certificate to check
with open('certificate.pem', 'rb') as cert_file:
    cert = x509.load_pem_x509_certificate(cert_file.read())

# Load the issuer (CA) certificate. 'issuer.pem' is an assumed file name;
# for a self-signed certificate, the issuer is the certificate itself.
with open('issuer.pem', 'rb') as issuer_file:
    issuer_cert = x509.load_pem_x509_certificate(issuer_file.read())

# Extract the issuer's public key (assumed to be an RSA key here)
issuer_public_key = issuer_cert.public_key()

# The CA's signature covers the DER-encoded TBS portion of the certificate,
# not an application message
try:
    issuer_public_key.verify(
        cert.signature,
        cert.tbs_certificate_bytes,
        padding.PKCS1v15(),
        cert.signature_hash_algorithm,
    )
    print("Certificate signature is valid.")
except InvalidSignature:
    print("Certificate signature is invalid.")
```

This example uses the `cryptography` library for both parsing the certificate and verifying its signature; `pycryptodome` is used for the raw RSA signatures in the earlier examples.

Digital signatures and certificates play a pivotal role in securing digital communications and verifying identities. By using cryptographic techniques to create and verify signatures and certificates, you can ensure the authenticity and integrity of your data and communications.

