CertiGuide to Security+  9  Chapter 4:  Basics of Cryptography (Domain 4.0; 15%)       9  4.2  Concepts in Using Cryptography            9  4.2.2  Integrity

4.2.2  Integrity 1 2 3 4.2.3  Authentication

Confidentiality vs. Data Integrity

Note the difference between using asymmetric encryption for confidentiality and data integrity differ:

• When using asymmetric encryption to ensure confidentiality, the message contents are encrypted with the receiver’s public key and decrypted with their private key.
  
  
• When using asymmetric encryption to ensure data integrity, a digest of the message contents, not the message itself, is encrypted with the sender’s public key and decrypted with their private key.

You are not required to encrypt a message before digitally signing it. You can digitally sign an unencrypted message, thus providing a data integrity check without data confidentiality. If you look at the above steps to create and verify a digital signature, you see nothing about encrypting contents – the only data encrypted is the message’s hash value. Why would you want to do this? You might be sending out a security bulletin whose contents are meant to be public, and want receivers to be able to verify that the message came from a recognized authority and has not been changed since it was written. Again, note that the potential issues with hashing functions still exist – it is theoretically possible, though considered computationally infeasible, to come up with an alternate document which hashes to the same message digest value.

You can also combine both techniques to provide both confidentiality and data integrity.

4.2.2  Integrity 1 2 3 4.2.3  Authentication