Digital signatures have been used for years to provide one or more of the following benefits: (1) to enable software publishers to certify that a file has been tested and approved for release; (2) to enable the integrity of a file to be verified by an end user; and (3) to enable the identity of the software publisher to be verified using a trust model between the software publisher and an end user. Digital signatures are typically based on a combination of two technologies, namely, cryptographic hashing and public key cryptography. An exemplary method of digitally signing a file is shown in FIG. 1.
As shown in FIG. 1, process 10 for digitally signing a file m begins by performing a hash function on the contents of file m. File m, designated block 11 in FIG. 1, is passed through a hash function designated as block 12 to generate a hash function output h, shown as block 13. Hash function output h is encrypted using a private key (PrK) designated as block 14. To accomplish this, a public key encryption function is performed on hash function output h using the private key (PrK) at block 15. Encryption function output s (shown in block 16) is attached to original file m to form digitally signed file mds designated as block 17.
Digitally signed file mds may be verified according to a process as shown in FIG. 2. As shown in FIG. 2, digitally signed file mds, designated as block 17, comprising original file m and encryption function output s is subjected to a verification process 20 comprising the following steps. Component s, designated as block 16 within digitally signed file mds designated as block 17, is subjected to a public key decryption function using the public key PK shown in block 21. The public key decryption function decrypts component s in block 22 resulting in output h1 as shown in block 23. A hash function is performed on the entire contents of file m as shown in block 24 resulting in a hash function output h as shown in block 25. Hash function output h is compared with public key decryption function output h1 at decision block 26. If hash function output h matches public key decryption function output h1, a valid signature is determined as shown in block 27. If hash function output h does not match public key decryption function output h1, an error is detected as shown in block 28.
In order for the above verification process to be completed, the entire contents of digitally signed file mds, designated as block 17, which includes original file m designated as block 11 and encryption component s designated as block 16, must be loaded by a user's computer prior to the verification process. For large files, the need to load the entire digitally signed file results in undesirable performance features. Such undesirable performance features include, but are not limited to, excessive application boot time, loading of code and data that is not required to enable running of the application, and unnecessary use of system memory due to loading of unused code and data (i.e., code and data that are not required to enable running of an application).
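The signing process of FIG. 1 and the verification process of FIG. 2, as an added Python example that is not part of the original text. It assumes SHA-256 as the hash function and unpadded RSA with a constructed toy key as the public key function (the text names neither); `verify` also returns how many bytes of m it had to read, which is the whole-file cost described above.

```python
import hashlib
import io

# Toy key built from two Mersenne primes so the block needs no third-party
# packages. Constructed for illustration only: not a secure key, no padding.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                            # modulus, part of public key PK
E = 65537                            # public exponent, part of PK
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, PrK (block 14)
SIG_LEN = (N.bit_length() + 7) // 8  # fixed size of component s in bytes


def hash_stream(stream, chunk_size=4096):
    """Blocks 12 and 24: hash the entire contents of file m.
    Returns (h as an integer, number of bytes that had to be read)."""
    digest, total = hashlib.sha256(), 0
    while chunk := stream.read(chunk_size):
        digest.update(chunk)
        total += len(chunk)
    return int.from_bytes(digest.digest(), "big"), total


def sign(m: bytes) -> bytes:
    """FIG. 1: h = H(m), s = private-key operation on h, mds = m || s."""
    h, _ = hash_stream(io.BytesIO(m))
    s = pow(h, D, N)                         # block 15
    return m + s.to_bytes(SIG_LEN, "big")    # block 17


def verify(mds: bytes):
    """FIG. 2: recover h1 from s with PK, rehash all of m, compare.
    Returns (signature valid?, bytes of m read to reach the decision)."""
    if len(mds) <= SIG_LEN:
        return False, 0                      # no room for both m and s
    m, s = mds[:-SIG_LEN], int.from_bytes(mds[-SIG_LEN:], "big")
    h1 = pow(s, E, N)                        # blocks 21 to 23
    h, bytes_read = hash_stream(io.BytesIO(m))   # blocks 24 and 25
    return h == h1, bytes_read               # decision block 26


if __name__ == "__main__":
    m = b"\x90" * (1 << 20)                  # constructed 1 MiB "file"
    mds = sign(m)
    print(verify(mds))                       # valid, every byte of m read
    tampered = mds[:10] + b"\x00" + mds[11:] # one byte of m changed
    print(verify(tampered))                  # invalid, still a full read
```

Even a single changed byte is only detected after all of m has been hashed, so the read cost is the same for valid and invalid files.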
Efforts continue to provide the security of digitally signed files, while attempting to minimize application boot time, increase customer satisfaction, and maintain product quality.
Accordingly, there remains a need for improved technology solutions relating to the use of digital signatures and the process of verifying digital signatures.