Lists Home |
Date Index |
> With a signature, both you and the receiver can perform a
> subsequent test that the signature and file still match up. Of course,
> if the signature is also with the original data, and that's your only
> copy, then someone could replace the signature too.
There are actually two parts to checking a signature -- verifying that the
signature is correct, and validating the identity of the signer. An
adversary replacing the signature can pass the first test, but won't pass
> Even if not, you or
> the receiver could conceivably maliciously replace both the file and
> the signature, thus creating an uncertainty about whose copy is
If the signature is using something like RSA, then not really. While the
sender can create a new signed document, it will be harder for them to
repudiate that they signed the first one.
Application Integration Middleware