Non-Repudiation

As discussed in Chapter 5 on cryptography, digital signatures provide non-repudiation: in an electronic transaction, the sender of a transmitted document cannot deny having sent that document to the receiver. Recall that a digital signature is produced by generating a message digest that is smaller than the original data but is bound both to the original data and to the identity of the sender. This message digest is attached to the message and transmitted with it to the recipient. The recipient then takes the received message, applies the same cryptographic transformation as the sender to generate a message digest, and compares the digest generated by the sender with the digest produced by the receiver. If the two digests are identical, the origin is verified, the message is authenticated, its integrity is intact, and signatory non-repudiation is effected.
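
The sign-and-compare flow described above, as an added example that is not taken from the book. It assumes textbook RSA over a SHA-256 digest with no padding, so the binding to the sender comes from the sender's private key; the key values (built from Mersenne primes), the function names and the sample order are constructed for illustration.

```python
import hashlib

# Constructed demo primes (Mersenne primes), chosen only so the example runs
# with the standard library. Keys built from them are NOT usable in practice.
P, Q, Q2, E = 2**521 - 1, 2**607 - 1, 2**1279 - 1, 65537


def make_keypair(p, q, e=E):
    """Return (public, private) as ((n, e), (n, d)) for textbook RSA."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)


def digest(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()


def sign(message: bytes, private_key) -> int:
    """Sender: hash the message, then transform the digest with the private key."""
    n, d = private_key
    return pow(int.from_bytes(digest(message), "big"), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient: recover the sender's digest, recompute it locally, compare."""
    n, e = public_key
    recovered = pow(signature, e, n)
    if recovered.bit_length() > 256:  # cannot be a SHA-256 digest
        return False
    return recovered.to_bytes(32, "big") == digest(message)


def demo():
    """Run the three cases a recipient has to tell apart."""
    sender_pub, sender_priv = make_keypair(P, Q)
    _, other_priv = make_keypair(P, Q2)  # a different party's key
    order = b"PO-1001: pay 250.00 USD to ACME"  # constructed sample message
    sig = sign(order, sender_priv)
    return {
        "genuine": verify(order, sig, sender_pub),
        "tampered": verify(order.replace(b"250", b"950"), sig, sender_pub),
        "signed_with_other_key": verify(order, sign(order, other_priv), sender_pub),
    }


if __name__ == "__main__":
    print(demo())
```

Production code should use a vetted library's padded signature scheme (for example RSA-PSS) rather than raw modular exponentiation.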
