DIGITAL SIGNATURE

A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged.

Why use certificate signatures?

Many business transactions, including financial, legal, and other regulated transactions, require high assurance when signing documents. When documents are distributed electronically, it is important that recipients can:
* Verify document authenticity – confirming the identity of each person who signed the document
* Verify document integrity – confirming that the document has not been altered in transit

Certificate-based signatures provide both of these security services. Many businesses and governments have chosen to set up a certificate-based digital signature infrastructure within their organization, using third party certificate authorities to provide independent identity validation. Examples include:
* Pharmaceutical companies who need to use signatures that comply with the SAFE (Signatures & Authentication For Everyone) BioPharma industry standard
* Companies in the European Union who need to comply with the ETSI PAdES standard (PDF Advanced Electronic Signatures)

Other reasons why more and more organizations choose to use this type of digital signature include:
1. Saving money. The electronic signing method eliminates the cost of paper, printing, and courier services.
2. Document integrity. Organizations that publish or release any kind of PDF material on the internet can be assured that the PDF documents cannot be modified in any way that alters the organization's brand or credibility without invalidating the signature.
3. Work efficiency. Handling a document electronically (clicking a button or entering a password) is far faster than circulating it through interoffice mail or courier.

A digital signature scheme typically consists of three algorithms:
* A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
* A signing algorithm that, given a message and a private key, produces a signature.
* A signature verifying algorithm that, given a message, a public key and a signature, either accepts or rejects the message's claim to authenticity.

Two main properties are required:
1. A signature generated from a fixed message and a fixed private key should verify the authenticity of that message when checked with the corresponding public key.
2. It should be computationally infeasible for a party who does not possess the private key to generate a valid signature.

HOW DIGITAL SIGNATURE WORKS:

There are two processes in digital signatures:
1. Signing process: the data is converted into a hash by using a hash function, then this hash is encrypted using the signer's private key, and the result is attached to the data and sent.
2. Verification: the digital signature is verified. First, the digitally signed data is split into data and signature. Then the data is converted into a hash and, at the same time, the signature is decrypted using the signer's public key. If both hashes are the same, the digital signature is verified.

Below are some common reasons for applying a digital signature to communications:
1. Authentication. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message was truly sent from an authorized source, acting on such a request could be a grave mistake.

2. Integrity. In many scenarios, the sender and receiver of a message may need confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. However, if a message is digitally signed, any change in the message after signing will invalidate the signature. Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because finding such a collision is still considered computationally infeasible for most cryptographic hash functions.

3. Non-repudiation. Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property an entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key alone does not enable a fraudulent party to fake a valid signature. This is in contrast to symmetric systems, where both sender and receiver share the same secret key, and thus in a dispute a third party cannot determine which entity was the true source of the information.

The components that a digital signature comprises:
1. Your public key: this is the part that anyone can get a copy of, and it is part of the verification system.
2. Your name and e-mail address: this is necessary for contact information purposes and to enable the viewer to identify the details.
3. Expiration date of the public key: this part of the signature is used to set a shelf life and to ensure that, in the event of prolonged abuse of a signature, the signature is eventually reset.
4. Name of the company: this section identifies the company that the signature belongs to.
5. Serial number of the Digital ID: this part is a unique number that is bundled with the signature for tracking and extra identification reasons.
6. Digital signature of the CA (Certification Authority): this is a signature issued by the authority that issues the certificates.

Figure A

User A is depicted above and has two keys: a public key, which is available to the public for download, and a private key, which is not available to the public. The keys are used to lock the information in an encrypted mode, and the matching key is required to decrypt the data. Another user can encrypt data using user A's public key. User A will use the private key to decrypt the message. Without user A's private key the data cannot be decrypted. Figure B below depicts the encryption method and the decryption method and which keys are used.

Figure B
Digital signatures can be used to make documents, e-mails and other data private. Big brother is out there, and choosing a strong encryption mechanism ensures that anyone attempting to decrypt the data would find the attempt unviable.

User A's machine digests the data into a simple string of code, and user A's software then encrypts the message digest with his private key. The result is the digital signature. User A's software then appends the digital signature to the document. All of the data that was hashed has been signed. User A then passes the digitally signed document to user B.

First, user B's software decrypts the signature using user A's public key, changing it back into a message digest. If the decrypted signature matches the digest that user B's software computes from the received data, this verifies that user A did in fact sign the data. To stop fraud, certificate authorities have been introduced. Certificate authorities can sign user A's public key, ensuring that no one else uses Bob's information or impersonates his key. If a user is uncertain of a digital signature, it is possible to verify the digital signature with the certificate authority. Signatures can also be revoked if they are abused or if it is suspected that they are abused. When a digital signature is compromised, the user who suspects that the certificate is compromised should report the incident to the certificate authority.