NonStop SOAP User's Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

251

252

253

254

255

256

257

258

259

260

NonStop SOAP User’s Manual—520501-012

7-1

NonStop SOAP with Digital

Signatures

This section provides information about “NonStop SOAP with Digital Signatures” to

enhance message integrity and security for all NonStop SOAP transactions.

Introduction to Digital Signatures

Digital Signatures are primarily used to validate the sender’s identity and confirm that

the information contained in the message has not been tampered with. It is a special

computation involving both the private key and the plain-text of the message. Digital

Signatures are unique to the party that originates the data and performs Digital

Signing. This process also uses hash functions. Therefore, digital signatures combine

hashing (for the validation of the signature data) with asymmetric encryption to encode

the signature data.

Consider a case where User A digitally signs data and sends it to User B. The

following sequence of events occur when data is signed by User A with a Digital

Signature and sent to User B:

•

A hash algorithm is applied to the data to create a hash value.

•

The hash value is encrypted with User A’s private key, thereby creating the Digital

Signature.

•

The digital signature and the data are sent to User B.

The following sequence of events occur when the digitally signed data is decrypted by

User B:

•

User B decrypts the signature by using User A’s public key and then recovers the

hash value. If the signature can be decrypted, User B knows that the data came

from User A (or the owner of the private key).

•

The hash algorithm is applied to the data to create a second hash value.

•

The two hash values are compared. If the hash values match, User B knows that

the data has not been modified.

Consider a scenario where the originator Client wishes to send a copy of a contract to

its Partners. The Client has two keys: private key and public key. The Client distributes

only its public key to all its Partners. Any one of the two keys can be used to encrypt

data, and the other key can decrypt that data. The following actions are performed by

the Client, to digitally sign the information, when sending the contract information to its

Partners:

1. The Client hashes (using a hashing algorithm) the contract information to obtain a

message digest.