Question

Why symmetric key is not used in digtal signature?

Answer 1

As alluded to, the difference between a MAC and a signature is who can verify it. If you use a symmetric key algorithm to create a MAC (say, hash the message, encrypt the hash, and attach that as the MAC), only people with the symmetric key can verify it. This could be the original signer (which means you have a trusted channel over which to receive a "yes, it's valid" response, in which case you probably don't need to sign anyway--just request the message from the signer), or a trusted third party (TTP).In this later case, you can provide the TTP with an identity string and a symmetric key. When you sign a message, you hash it, attach your identity string, and encrypt the hash + id string with the key. You can then publish the message and the MAC. Anyone wanting to verify it can go to the TTP and ask, "Is XYZ the signature of id string ABC on message M?" The TTP can recreate the MAC/Signature and verify it.The magic of public key-based digital signatures is that the TTP is not necessary to verify the signature. The down side is that they're necessary to verify the public key for a given id string. Of course, by giving the TTP the symmetric key, you also give them the ability to create valid forgeries and their security breach compromises your whole system. That may or may not be true when using public key algorithms.

plzzz do me as brainliest one