Digital Signatures and PKI infrastructure

1. Shubham Sharma

2. 
 Username and Password are the only things in a
Digital Signature.
 Any electronic document is a valid document, no
need not signed because it is computer generated.
 Digital Signature are for personal use and can’t be
kept in court for perusal.
Common Myths

3. 
 To provide Authenticity, Integrity and Non-
repudiation to electronic documents.
Why Digital Signatures
?

4. 
 Digital code attached to an electronically transmitted
document to verify its contents and the sender's identity.
 Digital Signature of a person therefore varies from
document to document thus ensuring authenticity of
each word of that document.
What is Digital Signature?

5. 
 Symmetric encryption uses the identical key to both
encrypt and decrypt the data.
Symmetric/Asymmetric Encryption

6. 
 Two related keys (public and private) for data
encryption and decryption.
 The private key is never exposed.
 Takes away the security risk of key sharing.
Asymmetric

8. 
Message
+
Signature
Hash
Decrypt
Signature
With Sender’s
Public Key
SIGN hash
With Sender’s
Private key
Message
+
signature
COMPARE
Calculated
HashMessage
Sender Receiver
Hash
Sent thru’ Internet
if
OK
Signatures
verified
Signed Messages

10. 
PIN Protected Soft Tokens
 Private key is encrypted and kept on
the Hard Disk in a file, this file is
password protected.
 Forms the lowest level of security in
protecting the key, as
 The key is highly reachable.
 PIN can be easily known or cracked.

11. 
 Private key is generated in the crypto module residing in the
smart card.
 The key is kept in the memory of the smart card.
 The key is highly secured as it doesn’t leave the card.
 The message digest is sent inside the card for signing, and the
signatures leave the card.
Smart Cards

12. 
Hardware Tokens
 They are similar to smart cards in
functionality as
 Key is generated inside the token.
 Key is highly secured as it doesn’t
leave the token.
 Highly portable.
 Machine Independent.

13. 
 Class 0 : Issued only for demonstration/ test purposes.
 Class 1 : Confirms user's name and E-mail address.
 Class 2 : Issued for both business personnel and private
individuals use. Information in the application provided by the
subscriber does not conflict with the information in well-
recognized consumer databases.
 Class 3 : This certificate issued to individuals as well as
organizations. High assurance certificates. Issued to individuals
only on their personal (physical) appearance before the
Certifying Authorities.
Different Classes of Digital
Signatures

14. 
 The pattern also has some (possible) liabilities:
 Both participants must trust the identity of each other.
 Thus, certificates issued by some certification
authority are needed.
 Both the sender and the receiver have to previously
agree what cryptographic algorithm they support.
Liabilities

15. 
Public Key Infrastructure
(PKI)

16. 
Trusted Agency is required which certifies the
association of an individual with the key pair.
Certifying Authority (CA)
This association is done by issuing a
certificate to the user by the CA
Public key certificate (PKC)
All public key certificates are digitally signed
by the CA.
Public Key Infrastructure

17. 
• Controller is the Root certifying authority responsible for
regulating Certifying Authorities (CAs).
• CA Must be widely known and trusted.
• CA must have well defined Identification process before
issuing the certificate.
• CA certifies the association of an individual with his
public key.
• Provides online access to the list of certificates revoked.
• Displays online the license issued by the Controller.
Certifying Authority

18. 
Paper Electronic
IDRBT Certificate

19. 
Public-Key Certification
Signed
by using
CA’s
private
key
User
Name &
other
credentials
User’s
Public
key
User Certificate
Certificate
Database
Publish
Certificate
Request
User Name
User’s
Public Key
CA’s Name
Validity
Digital
Signature
of CA
Certificate
Class
User’s Email
Address
Serial No.
Key pair
Generation
Private
Public
Web site of CA
User 1 certificate
User 2 certificate
.
Public
License issued
by CCA

21. 
• There are only 6 certificate Authorities
1. Safescrypt
2. iTrust (IDRBT)
3. National Informatics Centre(NIC)
4. Tata Consultancy Services
5. (n)Code Solutions
6. e-Mudhra
 There is only one Root Certificate Authority
 Root Certifying Authority of India (RCAI)
CA’s of India

22. 
Tragedy!!

23. 
Battle is ON!!

24. 
 Download and install Gpg4Win(supports Outlook).
 Download and install Thunderbird.
 Add extension Engimail (adds OpenPGP message
encryption and authentication to your thunderbird
client.)
 Create your key pair.
 Encrypt/Sign on the go !!
DEMO Steps

25. 
Would like to hear from you !!
Thank You !!
Email-
shubham.sharma3005@gmail.com