decrypt the data.
When public key cryptography is
used for encryption, any party
may use any other party's public
key to encrypt a message;
however, only the party with the
corresponding private key can
decrypt, and thus read, the
Since secret key encryption is
typically much faster, it is
normally used for encrypting
larger amounts of data.
In computer systems, it is not
always possible for humans to scan information to determine if data has been erased, added, or
Even if scanning were possible, the individual may have no way of knowing what the
correct data should be.
For example, "do" may be changed to "do not," or $1,000 may be
changed to $10,000.
It is therefore desirable to have an automated means of detecting
intentional and unintentional modifications of data.
While error detecting codes have long been used in communications protocols (e.g., parity bits),
these are more effective in detecting (and correcting) unintentional modifications.
They can be
defeated by adversaries.
Cryptography can effectively detect both intentional and unintentional
modification; however, cryptography does not protect files from being modified.
Both secret key
and public key cryptography can be used to ensure integrity.
Although newer public key methods
may offer more flexibility than the older secret key method, secret key integrity verification
systems have been successfully integrated into many applications.
When secret key cryptography is used, a message authentication code (MAC) is calculated from
and appended to the data.
To verify that the data has not been modified at a later time, any party
with access to the correct secret key can recalculate the MAC.
The new MAC is compared with
the original MAC, and if they are identical, the verifier has confidence that the data has not been
modified by an unauthorized party.
Computer Data Authentication
, specifies a
standard technique for calculating a MAC for integrity verification.
Public key cryptography verifies integrity by using of public key signatures and secure hashes.
secure hash algorithm is used to create a message digest.
The message digest, called a hash, is a