Exam CISSP topic 1 question 331 discussion

Rather than encrypting the data itself, you can create a one-way hash of the data and then use your private key to encrypt the hash. The encrypted hash, along with other information like the hashing algorithm, is known as a digital signature.

B. Digital hash of the signed document A hash is part of the process (the sender signs the hash, not the whole doc). But by itself, the hash doesn’t prove authenticity unless verified with keys. C. Recipient's public key Wrong direction: the recipient’s key isn’t used. Verification needs the sender’s public key. -------------------------------------- Actually, the most precise answer here is: To verify authenticity, the recipient uses the sender’s public key to check the digital signature.The digital hash is compared as part of that process, but the essential requirement for authenticity verification is the sender’s public key. ✅ Correct Answer: C. Recipient uses the sender’s public key 👉 Memory Tip: Private key = sign ✍️ Public key = verify 🔍

ChatGTP: To verify the authenticity of a digitally signed document, you need to use the recipient's public key. Here’s how the process works: Digital Signature Creation: The sender creates a hash of the document (a unique fingerprint). The sender then encrypts this hash with their private key to create a digital signature. Verification Process: The recipient uses the sender's public key to decrypt the digital signature. This will give them the original hash that was created by the sender. The recipient also computes the hash of the received document. If the hashes match, the document is verified as authentic and unaltered, confirming the sender’s identity (as only the sender’s private key could have created the signature). Therefore, the recipient's public key is used to verify the digital signature's authenticity.

To verify the authenticity of a digitally signed document, you need 1. the digital signature itself (which is the encrypted hash). 2. The digital hash of the document, freshly calculated by the verifier. 3. The sender's public key (not the recipient's) to decrypt the digital signature back into the original hash.

This is an interesting question as it is checking if we understand the difference between authenticity and integrity. Document Authenticity requires us to validate if it was signed by the person; therefore we must use their public key to validate their private key (Answer=C). A "digital hash of the signed document" refers to a unique string of characters generated by a cryptographic hash function, which acts as a digital fingerprint of the signed document, ensuring that the document hasn't been altered since it was signed; essentially allowing for easy verification of its integrity.

B is correct

C. and I agree with BoyBastos. I addition to his comments, once the authenticity is verified using Sender's public key extracted from his/her/they public certificate (signed by CA), Receiver will then calculate the Hash of the information sent by Sender & match the generated Hash value with it. If the Hash matches, if proves Non-Repudiation for Sender, meaning that the sender now cannot deny what was sent by him. In summary, Authenticity is checked by using sender's Public Certificate and Non-Repudiation of Sender by calculating and comparing Hash value of the information. Cheers!

The question is about authenticity so B would be correct. You need the hash to determine that.

B. Digital hash of the signed document The digital hash of the signed document is used in the process of verifying the authenticity of a digitally signed document. When a document is digitally signed, a hash of the document is created, and that hash is encrypted with the sender's private key to create the digital signature. To verify the authenticity of the document, the recipient uses the sender's public key to decrypt the signature and obtain the hash. Then, the recipient hashes the received document and compares it to the decrypted hash. If they match, it verifies the document's authenticity.

option C. Recipient's public key not true, people is confusing with sender's public key using to verify a digital signature, so B is my choice

C. Recipient's public key To verify the authenticity of a digitally signed document, the recipient uses the sender's public key. The sender signs the document using their private key, and the recipient can then verify the signature using the corresponding public key. If the signature is valid, it confirms the authenticity of the document and ensures that it was indeed signed by the holder of the private key. The other options are not used for verifying the authenticity of a digitally signed document in the context of public key infrastructure (PKI).

B. "The hash value is unique to the document that is hashed or encrypted and any changes in that document will lead to a changed hash value, this characteristic facilitates the validation of the data by the recipients" https://hashstudioz.com/blog/how-does-a-digital-signature-help-in-validating-a-documents-authenticity/

The correct answer is D. Sender's private key. To verify the authenticity of a digitally signed document, the recipient must have the sender's public key and the signed document itself. The recipient then uses the public key to decrypt the digital signature on the document, which was created using the sender's private key. The digital signature is created by encrypting a hash of the document using the sender's private key. When the recipient decrypts the signature using the sender's public key, they obtain the hash of the original document. They can then compute the hash of the received document themselves and compare it to the decrypted hash. If the two hashes match, then the document is considered authentic and has not been modified in transit.

The "I" in CIA

…verify the signature with the senders public key