Everything You Ever Wanted To Know About RSA Signatures, But Were Afraid To Ask
At the core of digital trust is the usage of digital signatures. With this, we can verify the creator of the data, and also that it has not been modified. We do this using public-key encryption, and in this article, we will look at how we can use the hazmat (Hazardous Material) primitives in the Python cryptography library.
Overall, the three main signatures that we use are: RSA, ECDSA and EdDSA. These are defined in the FIPS 186 standard. RSA signatures are based on the RSA encryption method, and ECDSA and EdDSA are based on elliptic curve methods. And, so, while the encryption keys are typically greater than 2,048 bits, elliptic curve methods use keys that are around 256 bits long. But, while elliptic curve methods are faster and have smaller keys, RSA signing is still one of the most popular methods for proving identity, especially within HTTPs connections. The great thing about RSA is that we can use it for encryption and also for digital signatures (whereas, elliptic curve methods are typically just used for digital signatures in their purest form).
The humble digital signature
With a digital signature, we can prove the integrity of a message, and also the identity of the sender. In this, Bob will take a hash of the message, and then…
