However, one additional step is performed:Īfter creating the signature, the “Simple Signer” converts the binary signature to a base64-encoded String. It creates a digital signature, as sketched above. In the command palette of the iFlow Designer we have a iFlow step called “Simple Signer” (see my previous blog post). Typically, the 2 mentioned steps (create new hash and compare) are performed by one verification command, using tools or libraries. If the hashes are different, the receiver cannot trust the received content. If a hacker would change even one single little character, the resulting hash code would be completely different.Īs such, a simple comparison of the 2 hash codes proves that the original content has not been modified. The characteristics of a hash code is: it is always the same.Īs such, the hash code that is created by the receiver must be equal to the hash code that he has received. To do so, the same algorithm (like the sender) needs to be applied. ![]() The receiver creates his own hash code of the received content. Once the hash code is available, it can be verified. In this case, the original content cannot be restored, but at least the receiver knows that the content is not to be trusted. If the decryption fails, then it is clear that some hacker has modified the important original content and created a new signature. If the decryption doesn’t fail, then it is proven that the hash code was encrypted with the private key that belongs to the public key (not any foreign private key of a hacker). Using the public key, the encrypted hash code can be decrypted. It can have been sent beforehand or downloaded from the internet. The receiver has a hold of the public key of the sender. ![]() It is desired to check if the content is trustworthy or if it has been modified while transferring over the internet. To verify a digital signature, the following steps are required:įirst of all, in this scenario, the original content has been received in plaintext and can be viewed. Note that the public key is not secret, can be published anywhere and can be contained in a X.509 certificate. Note that the receiver needs the public part of the key pair. Note that in context of digital signatures, the content itself is not secret, not encrypted. The receiver can check if the content is not modified while being transferred (= verify). This hash code is encrypted using the private part of a key pair.Īfterwards, the content + encrypted hash + algorithm is sent to the receiver. Some content (like text of image, etc) is important and should be protected against modification.Ī hash code (= digest = fingerprint) is created based on a dedicated algorithm. ![]() The previous tutorial explains the basics about digital signatures and how to create them with the Simple Signer in CPI.įor remaining open questions I recommend the Security Glossary. To follow this tutorial, access to a Cloud Integration tenant is required, as well as basic knowledge about creating iFlows. This blog shows how to do such verification programmatically with a groovy script.Īppendix 3: Groovy Script to search Security Provider 0. However, currently there’s no functionality to automatically verify such a digital signature. SAP Cloud Integration (CPI) provides functionality to automatically sign a message with a digital signature ( Simple Signer).
0 Comments
Leave a Reply. |