This chapter covers non-repudiation and digital signatures, two critical concepts in cryptography and identity verification. For the SY0-701 exam, these topics fall under Domain 1.0 General Security Concepts, Objective 1.1: Compare and contrast various types of security controls. Understanding how digital signatures provide authenticity, integrity, and non-repudiation is essential for implementing secure communications and legally binding electronic transactions. We will explore the underlying mechanisms, real-world applications, and common exam pitfalls so you can confidently answer scenario-based questions.
Jump to a section
Imagine you draft a contract, sign it with your unique signature, and seal it in an envelope. The signature proves you wrote it (authentication) and the envelope ensures it wasn't tampered with (integrity). But what if you later claim you never signed it? To prevent this, you take the sealed envelope to a notary public. The notary watches you sign, stamps the envelope with an official seal, and records the event in a log. Now, anyone who later sees the notary's stamp knows the signature was made by you at that time—you cannot deny it. The notary's stamp is like a digital signature: it binds your identity to the document. The notary's log is like a public key infrastructure (PKI) that timestamps and records the signature. If someone tries to forge your signature, the notary's records will expose the fraud. In the digital world, the hash of the document is like the contract text; your private key encrypts the hash to create the digital signature (like your wax seal), and the public key decrypts it to verify (like the notary's stamp). The notary's impartiality ensures non-repudiation—just as a trusted certificate authority ensures the digital signature is valid and tied to you.
What Are Non-Repudiation and Digital Signatures?
Non-repudiation is the assurance that someone cannot deny the validity of something they created or approved. In cybersecurity, it means a sender cannot deny sending a message, and a signer cannot deny signing a document. Digital signatures are the primary cryptographic tool used to achieve non-repudiation. They provide three core security services:
Authentication: Verifies the identity of the signer.
Integrity: Ensures the signed data has not been altered.
Non-repudiation: Prevents the signer from denying their involvement.
SY0-701 tests your ability to identify when non-repudiation is needed (e.g., legal contracts, audit logs) and how digital signatures differ from other cryptographic controls like hashing or encryption.
How Digital Signatures Work Mechanically
Digital signatures rely on asymmetric cryptography (public/private key pairs). The process involves two phases: signing and verification.
Signing (by the sender): 1. The sender creates a message (e.g., an email or document). 2. A cryptographic hash function (e.g., SHA-256) produces a fixed-size digest of the message. The hash is unique; any change to the message produces a different hash. 3. The sender encrypts the hash using their private key. This encrypted hash is the digital signature. 4. The sender attaches the digital signature to the message and sends both to the recipient.
Verification (by the recipient): 1. The recipient separates the message and the digital signature. 2. The recipient decrypts the digital signature using the sender's public key. This yields the original hash (as computed by the sender). 3. The recipient independently computes the hash of the received message using the same hash function (e.g., SHA-256). 4. The recipient compares the two hashes. If they match, the message is authentic and unaltered.
Why this provides non-repudiation: Only the sender's private key could have produced the encrypted hash. Since the private key is known only to the sender, successfully decrypting with the public key proves the sender signed it. The sender cannot later claim they didn't—unless their private key was compromised.
Key Components and Standards
Hash Functions: - SHA-256 (Secure Hash Algorithm 256-bit) is the most common for digital signatures. SHA-1 is deprecated due to collision attacks. MD5 is never used for signatures. - Hash length: SHA-256 produces a 256-bit (32-byte) digest.
Asymmetric Algorithms: - RSA (Rivest-Shamir-Adleman): Most widely used. Key sizes: 2048 bits minimum (SY0-701 expects 2048 or higher). - DSA (Digital Signature Algorithm): Used in federal standards (FIPS 186). Key size: 1024-3072 bits. - ECDSA (Elliptic Curve Digital Signature Algorithm): Uses smaller keys for equivalent security (e.g., 256-bit ECC ≈ 3072-bit RSA).
Digital Signature Standards: - PKCS#7 / CMS (Cryptographic Message Syntax): Used for signing and enveloping data. - X.509: Public key certificate format that binds an identity to a public key. - RFC 3161: Timestamp protocol to prove existence of data at a specific time.
Public Key Infrastructure (PKI): - Certificate Authority (CA): Issues digital certificates containing the public key and identity. - Registration Authority (RA): Verifies identity before certificate issuance. - Certificate Revocation List (CRL) / Online Certificate Status Protocol (OCSP): Check if a certificate is revoked.
Attackers and Defenders
Attackers exploit weak signature implementations: - Hash collision attacks: If an attacker can find two messages with the same hash, they could swap a signed message with a malicious one. SHA-256 is currently collision-resistant; SHA-1 is not (e.g., SHAttered attack in 2017). - Private key theft: If an attacker steals the private key, they can sign messages as the victim. Defenders protect private keys with hardware security modules (HSMs) or smart cards. - Certificate forgery: Attackers may create fake certificates if a CA is compromised (e.g., DigiNotar breach). Defenders use certificate transparency logs and pinning. - Replay attacks: An attacker re-sends a previously signed message. Defenders use timestamps and nonces.
Defenders deploy digital signatures for: - Code signing: Software publishers sign executables to prove authenticity. Windows uses Authenticode. - Email signing: S/MIME (Secure/Multipurpose Internet Mail Extensions) signs emails. - Document signing: PDF signing with Adobe Acrobat or Microsoft Office digital signatures. - Audit logs: Signed logs ensure tamper evidence and non-repudiation of log entries.
Real Command/Tool Examples
Using OpenSSL to sign and verify:
# Generate a private key
openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:2048
# Extract the public key
openssl rsa -pubout -in private.pem -out public.pem
# Create a message file
echo "This is a signed message." > message.txt
# Sign the message (create signature)
openssl dgst -sha256 -sign private.pem -out signature.bin message.txt
# Verify the signature
openssl dgst -sha256 -verify public.pem -signature signature.bin message.txtUsing GnuPG (GPG) for signing:
# Generate a key pair
gpg --gen-key
# Sign a file
gpg --sign file.txt
# Verify a signed file
gpg --verify file.txt.gpgWindows PowerShell for code signing:
# Sign a script with a certificate
Set-AuthenticodeSignature -FilePath script.ps1 -Certificate (Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert)
# Verify signature
Get-AuthenticodeSignature -FilePath script.ps1Summary of Key Points for SY0-701
Non-repudiation is achieved through digital signatures, not encryption alone.
Digital signatures use the signer's private key to encrypt a hash; verification uses the public key.
The hash ensures integrity; the encryption of the hash ensures authentication and non-repudiation.
Common algorithms: RSA (2048+ bits), DSA, ECDSA. Hash: SHA-256.
PKI provides the trust framework via CAs, certificates, and revocation.
Exam scenarios often ask: "Which control provides non-repudiation?" Answer: Digital signature.
Sender Creates Document
The process begins when a sender (e.g., Alice) creates a digital document, such as a contract or email. The document is in plaintext or binary format. At this stage, the document has no security protections. The sender intends to sign it to prove authorship and prevent later denial. In a real scenario, the sender would use an application like Microsoft Word, Outlook, or a custom signing tool. The document could be any file: .txt, .pdf, .docx, etc. The signing process is independent of the file format.
Hash the Document
The sender's software computes a cryptographic hash of the document using a secure hash algorithm, typically SHA-256. The hash is a fixed-length string (e.g., 64 hex characters for SHA-256). This step ensures integrity: any change to the document will produce a different hash. The hash is not encrypted yet—it is just a digest. Tools like OpenSSL or built-in OS functions perform this step. For example, the command `sha256sum document.txt` produces the hash. The hash is unique to the document's exact content.
Encrypt Hash with Private Key
The sender encrypts the hash using their private key. This encrypted hash is the digital signature. The private key is kept secret and should be stored securely, often in an HSM or smart card. The encryption algorithm (e.g., RSA) uses the private key to transform the hash into a ciphertext that can only be decrypted with the corresponding public key. This step binds the signer's identity to the document. The output is typically a binary file (e.g., .sig or .bin) that is attached or transmitted alongside the document.
Send Document and Signature
The sender transmits both the original document and the digital signature to the recipient (e.g., Bob). The transmission channel could be email, file transfer, or any network protocol. The signature may be appended (e.g., in S/MIME emails) or sent as a separate file. At this point, the document is not encrypted—only the hash is encrypted. If confidentiality is needed, the sender would separately encrypt the document. The recipient will use the sender's public key to verify.
Recipient Verifies Signature
The recipient separates the document and signature. They obtain the sender's public key, typically from a digital certificate issued by a trusted CA. The recipient decrypts the signature using the sender's public key, revealing the original hash. Then, they independently compute the hash of the received document using the same hash algorithm. If the two hashes match, the signature is valid: the document is authentic (signed by the private key holder) and unchanged. If they don't match, the signature is invalid—the document may be tampered or the signature forged.
Scenario 1: Code Signing in a Software Development Company
A software company distributes an update for its application. The development team signs the executable with a code signing certificate issued by a trusted CA. When a user downloads the update, Windows checks the digital signature. If the signature is valid and the certificate chain is trusted, Windows allows the installation. If the signature is missing or invalid, Windows displays a warning: "Windows protected your PC." A security analyst in the SOC might see a security event ID 1008 (Signature Verification) or a SmartScreen warning. The correct response is to verify the publisher's certificate and ensure the file hash matches the official release. A common mistake is ignoring the warning and allowing the unsigned executable to run, potentially installing malware. The analyst should use tools like sigcheck from Sysinternals to inspect the signature:
sigcheck.exe -a installer.exeScenario 2: Signed Audit Logs in a Financial Institution
A bank's compliance team requires that all log entries from critical servers be digitally signed to ensure non-repudiation. The logging system generates a hash of each log entry and signs it with the server's private key. Logs are stored in a central SIEM. An auditor later reviews the logs and verifies signatures using the server's public key. If a log entry was altered, the signature verification fails. The SIEM can automatically alert on signature mismatches. A common mistake is relying solely on hashing without signing—hashing only provides integrity, not non-repudiation. An attacker could modify logs and recompute the hash. With digital signatures, the attacker would need the private key to re-sign. The correct response is to keep private keys in HSMs and rotate them periodically.
Scenario 3: Email Signing with S/MIME in a Healthcare Organization
A doctor sends a patient's prescription via email. The email is signed using S/MIME with the doctor's personal certificate. The recipient (pharmacy) verifies the signature to confirm the email came from the doctor and hasn't been altered. If the signature is valid, the pharmacy can trust the prescription. If the signature is invalid, the email may be a phishing attempt. A security analyst might see a failed S/MIME verification in email gateway logs (e.g., Exchange Online message trace). The correct response is to quarantine the email and notify the intended recipient. A common mistake is assuming that encryption alone provides non-repudiation—encryption only provides confidentiality. The exam often tests this distinction.
What SY0-701 Tests
Objective 1.1 asks you to compare and contrast security controls, including technical controls like digital signatures. You must understand:
The difference between hashing, encryption, and digital signatures.
Which control provides non-repudiation.
How non-repudiation is achieved (signing with private key).
The role of PKI and certificates.
Common algorithms: RSA, DSA, ECDSA, SHA-256.
Most Common Wrong Answers
"Encryption provides non-repudiation." – Wrong. Encryption provides confidentiality. Non-repudiation requires a digital signature. Candidates confuse the two because both use keys.
"Hashing provides non-repudiation." – Wrong. Hashing provides integrity only. Without signing the hash, anyone can compute a new hash after modification.
"The sender's public key is used to create the digital signature." – Wrong. The private key creates the signature; the public key verifies it.
"Digital signatures encrypt the entire message." – Wrong. Only the hash is encrypted, not the message.
Specific Terms and Acronyms on the Exam
Non-repudiation: Assurance that someone cannot deny an action.
Digital signature: Cryptographic method using private key to sign a hash.
Hash function: SHA-256 (most referenced).
Asymmetric encryption: RSA, ECDSA.
PKI: Public Key Infrastructure.
CA: Certificate Authority.
CRL/OCSP: Revocation checking.
Trick Questions
"Which cryptographic concept ensures that a sender cannot deny sending a message?" – Answer: Non-repudiation (not encryption or hashing).
"What is the difference between a digital signature and a digital certificate?" – A digital signature is a cryptographic value; a digital certificate binds an identity to a public key.
"Which key is used to verify a digital signature?" – The sender's public key.
Decision Rule for Eliminating Wrong Answers
On scenario questions, first identify the security goal: authentication, integrity, confidentiality, or non-repudiation. If the scenario mentions "deny sending" or "prove origin," eliminate options that only provide integrity (hashing) or confidentiality (encryption). Look for keywords like "sign," "private key," "certificate." The correct answer will involve a digital signature and the signer's private key.
Non-repudiation ensures a party cannot deny an action; digital signatures provide it.
A digital signature is created by encrypting a hash with the signer's private key.
Verification uses the signer's public key to decrypt the hash and compare with a recomputed hash.
Common signature algorithms: RSA (2048+ bits), DSA, ECDSA (256+ bits).
Common hash algorithm: SHA-256 (SHA-1 deprecated).
PKI supports digital signatures via certificates, CAs, and revocation (CRL/OCSP).
Digital signatures do not encrypt the message—only the hash.
On the exam, if a scenario requires proving who sent a message, the answer is a digital signature.
These come up on the exam all the time. Here's how to tell them apart.
Digital Signature
Provides authentication, integrity, and non-repudiation.
Uses asymmetric cryptography (private key to sign).
Output is a ciphertext of the hash.
Verification requires the signer's public key.
Binds identity to data.
Hash (Message Digest)
Provides integrity only.
Uses a one-way function (no key).
Output is a fixed-length string.
No identity binding; anyone can compute the same hash.
No non-repudiation.
Digital Signature
Uses two keys (public/private pair).
Provides authentication and non-repudiation.
Slower due to asymmetric math.
Used for signing small data (hash).
Key management: private key kept secret, public key shared.
Symmetric Encryption (e.g., AES)
Uses one shared secret key.
Provides confidentiality only.
Faster for bulk encryption.
Used for encrypting large data.
Key management: both parties must share the key securely.
Digital Signature
A value appended to data.
Proves authenticity and integrity of data.
Created by the signer using their private key.
Can be verified by anyone with the public key.
Does not contain identity info directly.
Digital Certificate
A document containing a public key and identity.
Binds a public key to an entity (person, server).
Issued by a trusted CA.
Used to distribute public keys for signature verification.
Contains subject, issuer, validity period, etc.
Mistake
Digital signatures encrypt the entire message.
Correct
Digital signatures encrypt only the hash of the message, not the message itself. The message remains in plaintext (or separately encrypted).
Mistake
A digital signature is the same as a digital certificate.
Correct
A digital signature is a cryptographic value that proves authenticity and integrity. A digital certificate is a document that binds a public key to an identity, issued by a CA.
Mistake
Hashing alone provides non-repudiation.
Correct
Hashing provides integrity only. Non-repudiation requires the hash to be signed with a private key so the signer cannot deny creating it.
Mistake
The recipient's public key is used to verify a digital signature.
Correct
The sender's public key is used to verify the signature. The recipient's keys are for encryption/decryption, not signature verification.
Mistake
Non-repudiation is automatically provided by encryption.
Correct
Encryption provides confidentiality, not non-repudiation. A sender can still deny encrypting if the key is shared. Non-repudiation requires a digital signature.
Non-repudiation is the assurance that someone cannot deny the validity of something they created or approved. In cybersecurity, it means a sender cannot deny sending a message, and a signer cannot deny signing a document. Digital signatures are the primary mechanism to achieve non-repudiation by using the signer's private key to create a signature that can be verified with the public key. For the SY0-701 exam, remember that non-repudiation is a legal concept often required for audit trails and contracts.
A digital signature provides non-repudiation because only the signer possesses their private key. When a signature is created by encrypting a hash with the private key, anyone with the corresponding public key can verify that the signature came from that private key. Since the private key is supposed to be known only to the signer, the signer cannot later deny signing the document—unless the key was compromised. This binding between the key and the signer is reinforced by a digital certificate issued by a trusted CA.
A digital signature is a cryptographic value that proves the authenticity and integrity of a message or document. It is created by signing a hash with a private key. A digital certificate, on the other hand, is an electronic document that binds a public key to an identity (e.g., a person or server). Certificates are issued by certificate authorities (CAs) and contain information like the subject, issuer, validity period, and the public key. Digital signatures use the private key from a certificate to sign data, and the certificate provides the public key for verification.
No, encryption alone does not provide non-repudiation. Encryption provides confidentiality by scrambling data so only authorized parties can read it. However, if two parties share a symmetric key, either could have encrypted the data, so neither can be uniquely identified. Asymmetric encryption (public key) can provide authentication if the private key is used to encrypt, but the standard method for non-repudiation is a digital signature, which encrypts a hash rather than the entire message. SY0-701 tests this distinction: encryption ≠ non-repudiation.
A hash collision occurs when two different inputs produce the same hash output. If an attacker can find a collision, they could create a malicious document that has the same hash as a legitimate signed document. The digital signature would still verify because the hash matches, allowing the attacker to swap the document. This is why secure hash functions like SHA-256 are required. SHA-1 is vulnerable to collision attacks (e.g., SHAttered). For SY0-701, know that SHA-256 is the minimum recommended hash for digital signatures.
A Certificate Authority (CA) is a trusted entity that issues digital certificates. The certificate binds a public key to an identity (e.g., a person, server, or organization). When verifying a digital signature, the verifier uses the signer's public key from their certificate. The verifier must trust the CA that issued the certificate. The CA also manages certificate revocation via CRLs or OCSP. Without a CA, there is no trusted way to associate a public key with a specific identity, undermining non-repudiation.
In public key cryptography, signing uses the sender's private key to encrypt a hash, providing authentication and non-repudiation. Encryption uses the recipient's public key to encrypt data, providing confidentiality. The key difference: signing proves who created the data, while encryption ensures only the intended recipient can read it. A common exam trick is to ask which key is used for signing (private) vs. encryption (public of recipient). Also, signing does not hide the content; encryption does.
You've just covered Non-Repudiation and Digital Signatures — now see how well it sticks with free SY0-701 practice questions. Full explanations included, no account needed.
Done with this chapter?