Where
To provide integrity it is not necessary to translate the plaintext
into another form; instead, a fixed-size checksum is produced as
a result of putting the data through the algorithm. The checksum can
be thought of as the remainder from the function when all of the data
has been processed. The checksum is then a function of the value of
the data and the key. If the data is changed then a different checksum
would be calculated - consequently any change to the data can
be detected by recalculating the checksum. The integrity checksum
is usually kept with the data in the storage system or when the data
is sent over a communications link. The checksum is also known as
a seal; a certificate is a combination of some data
and the associated seal. Often the seal may include details of the
algorithm used to calculate the checksum and an identifier of any key
used. Data that is protected for confidentiality is automatically
protected for integrity; if the encrypted data is changed then the
original data will not be recovered after decryption by the receiver.
To allow for this a known value is placed with the data so the
receiver can tell if decryption has been successful. If the ciphertext
is changed in any way then the original plaintext cannot be obtained,
and the change will be detected. Most of the algorithms used for confidentiality
protection would result in some completely unintelligible output if
corrupted ciphertext was used. However, it is common to add in some
well known information that can be easily checked when the decipherment
has been completed.
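
The seal and certificate described above, as an added example that is not part of the original text. It assumes HMAC-SHA256 as the keyed checksum algorithm; the key store, key identifiers, the "alg:key_id:checksum" seal layout and all function names are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed key store: key identifier -> secret key (sample values only).
KEYS = {"k1": b"constructed-demo-key-0001", "k2": b"constructed-demo-key-0002"}
# Algorithms the verifier accepts, by the name recorded in the seal.
ALGORITHMS = {"hmac-sha256": hashlib.sha256}


def seal(data: bytes, key_id: str, alg: str = "hmac-sha256") -> str:
    """Return a seal 'alg:key_id:checksum' for the data."""
    # The algorithm name and key identifier are fed into the checksum as
    # well, so they cannot be altered in the seal without detection.
    header = f"{alg}:{key_id}"
    mac = hmac.new(KEYS[key_id], header.encode() + b"\n" + data, ALGORITHMS[alg])
    return f"{header}:{mac.hexdigest()}"


def make_certificate(data: bytes, key_id: str) -> dict:
    """A certificate is the data together with its associated seal."""
    return {"data": data, "seal": seal(data, key_id)}


def verify(cert: dict) -> bool:
    """Recalculate the checksum and compare it with the one in the seal."""
    try:
        alg, key_id, _ = cert["seal"].split(":")
    except ValueError:
        return False  # malformed seal
    if alg not in ALGORITHMS or key_id not in KEYS:
        return False  # unknown algorithm or key identifier
    expected = seal(cert["data"], key_id, alg)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), cert["seal"].encode())


if __name__ == "__main__":
    cert = make_certificate(b"pay 100 to alice", "k1")  # constructed message
    print(cert["seal"], verify(cert))
    cert["data"] = b"pay 900 to alice"  # any change to the data is detected
    print(verify(cert))
```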
There are two classes of functions, or algorithms, used in cryptography:
secret key (or symmetric) algorithms, and public key (or asymmetric)
algorithms. These two classes have different uses due to the different
characteristics of the algorithms.