Digital signatures

A database server certificate contains one or more digital signatures used to maintain data integrity and protect against tampering. Following are the steps used to create a digital signature:

  • An algorithm performed on a certificate generates a unique value or hash.
  • The hash is encrypted using a signing certificate's or Certificate Authority's private key.
  • The encrypted hash, called a digital signature, is embedded in the certificate.

A digital signature can be self-signed or signed by an enterprise root certificate or Certificate Authority.

When a client application contacts a database server, and each is configured to use transport-layer security, the server sends the client a copy of its certificate. The client decrypts the certificate's digital signature using the server's public key included in the certificate, calculates a new hash of the certificate, and compares the two values. If the values match, this confirms the integrity of the server's certificate.

If you are using FIPS-approved RSA encryption, you must generate your certificates using RSA.

For more information about self-signed certificates, see Self-signed root certificates.

For more information about enterprise root certificates and Certificate Authorities, see Certificate chains.

Copyright © 2008, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.0