CISSP · Question #1423
In order to provide dual assurance in a digital signature system, the design MUST include which of the following?
The correct answer is C. The hash of the signed document must be present.. Dual assurance in a digital signature system requires both integrity verification and non-repudiation, which is achieved by including a hash of the signed document.
Question
Options
- AThe public key must be unique for the signed document.
- Bsignature process must generate adequate authentication credentials.
- CThe hash of the signed document must be present.
- DThe encrypted private key must be provided in the signing certificate.
How the community answered
(50 responses)- A6% (3)
- B12% (6)
- C80% (40)
- D2% (1)
Why each option
Dual assurance in a digital signature system requires both integrity verification and non-repudiation, which is achieved by including a hash of the signed document.
Public keys are not unique per document; a single public/private key pair is reused across many signing operations, so uniqueness per document is not a design requirement for dual assurance.
Generating 'adequate authentication credentials' is vague and describes authentication generally, not the specific cryptographic mechanism (hashing + asymmetric encryption) that provides both integrity and non-repudiation in a digital signature scheme.
Including the hash of the signed document provides dual assurance by ensuring both integrity (the document has not been altered since signing, as any change produces a different hash) and authenticity/non-repudiation (the hash is encrypted with the signer's private key, proving origin). Without the hash, the signature cannot cryptographically bind the signer's identity to the specific content of the document, eliminating both guarantees simultaneously.
Private keys must remain secret and are never embedded or provided within a signing certificate; the certificate contains only the public key, and exposing the private key would completely compromise the security of the signature system.
Concept tested: Digital signature integrity and non-repudiation via hashing
Source: https://learn.microsoft.com/en-us/windows/win32/seccrypto/digital-signatures
Topics
Community Discussion
No community discussion yet for this question.