2.2 Digital Signature

To enhance security through verifiable authenticity, it is advisable to encrypt the hash, which forms the foundation of a digital signature. In this process, a firmware digest is generated through a hash function and subsequently encrypted with public-key cryptography, resulting in a digital signature comparable to conventional signatures utilized in daily transactions.

Public-key or asymmetric encryption uses a pair of keys to heightened security. The host encrypts the signature with a private key (which remains confidential) while the client uses the corresponding public key to decrypt it.

Figure 2-2. Digital Signature Creation and Verification

The exclusive ability of the private key to encrypt data ensures that only the host is capable of creating the signature, effectively preventing unauthorized users from replicating the attack outlined previously. However, the signature's authenticity can be confirmed by anyone using the manufacturer's public key.