Content integrity through digital signatures (signing)

Encryption guarantees the confidentiality of a data transaction.  Content integrity guarantees that the receiving trading partner gets the data in its originally sent form, ensuring that no modifications have been made to the data when it is in transit between trading partners.

Content integrity is achieved if the sender provides a digital signature, which includes an integrity control value. This value can be computed by using an appropriate cryptographic algorithm to fingerprint the data content. These cryptographic algorithms are called one-way hash functions or message integrity checks. Unlike encryption algorithms, however, one-way hash functions cannot be reversed or decrypted. One-way hash functions are constructed such that the probability is infinitely small that some arbitrary piece of plain-text can be hashed to a particular value, or that any two pieces of plain-text can be hashed to the same value. One-way hash values are usually 112 to 512 bits long. The longer the hash value, the more secure it is. 

One-way hash functions do not require a key. Common hash algorithms are SHA-1 (Secure Hash Algorithm 1), which generates a hash value of 160 bits, and MD5 (Message Digest 5) which generates a hash value of 112 bits. To determine content integrity, the sending trading partner adds a digital signature to the data content, which includes a one-way hash value of the message. This value is unique and fingerprints the transaction. The sending trading partner sends the hash value along with the data. The receiving trading partner, using the same one-way hash function, calculates the hash value for the received data message content. If the received hash value matches the calculated hash value, then the receiving trading partner is assured that the data content has not been tampered with or altered in any way.