Digital signatures provide authentication, integrity, and non-repudiation for electronic documents. They work by using public key cryptography - a signer encrypts a hash of a message with their private key, which can be verified by anyone using the signer's public key. Major milestones in digital signatures include the invention of the RSA algorithm in 1977 and laws passed in 2000 and 2008 that gave digital signatures legal standing. While they provide security, key security and processing times are challenges.
3. History
Here are some of the milestones in the history of digital signature
technology:
1976: Whitfield Diffie and Martin Hellman first described the idea of a
digital signature
1977: Ronald Rivest, Adi Shamir and Len Adleman invented
the RSA algorithm, which could be used to produce a kind of primitive
digital signature.
1988: Lotus Notes 1.0, which used the RSA algorithm, became the first
widely marketed software package to offer digital signatures
4. 1999: The ability to embed digital signatures into documents is added
to PDF format.
2000: The ESIGN Act makes digital signatures legally binding.
2002: SIGNiX is founded and becomes the most broadly used cloud-
based digital signature software
2008: The PDF file format becomes an open standard to the
International Organization for Standardization (ISO) as ISO 32000.
Includes digital signatures as integral part of format.
5. What is Digital Signature
Hash value of a message when encrypted with the private
key of a person is his digital signature on that e-
Document.
Digital Signature of a person therefore varies from
document to document thus ensuring authenticity of each
word of that document.
As the public key of the signer is known, anybody can
verify the message and the digital signature.
6. WHY DIGITAL SIGNATURE
To provide Authenticity,
Integrity and Non-repudiation
to electronic documents.
To use the Internet as the safe
and secure medium for e-
Commerce and e-Governance
8. Basic Requirements
Private key
Only signer can access
the primary key. It is used
to generate the digital
signature which is then
attached to the massage.
Public key
The public key is made
available to all those who
receive the signed
massages from the sender.
It is Used for verification
of the received massage.
9. Digital signature certifications
A digital signature certificate is issued by the
Certifying Authority to the applicants. For
obtaining this certificate the applicant must
produce the private key and public key pair
before the certifying authority. After checking the
functioning of the key pair the certifying
authority issues a certificate to the applicant.
10. How the Technology Works
Generating a
public key
and privet key
Added the
signature to
the document
Create a
digital
signature
Certificate
Authority
(CA)
User get massage
11.
12. Purpose of Digital Signature
Signer authentication :
If public and private keys are associated with an identified signer, the
digital signature attributes the message to the signer. The digital signature
cannot be forged, unless the signer loses control of the private key.
Message authentication :
Digital signature identifies the signed message with far greater certainty
and precision than paper signatures. Verification reveals any tempering
since the comparison of hash result shows whether the message is the
same as when signed.
13. Non-repudiation :
Creating a digital signature requires the signer to use his private key. This
alters the signer that he is consummating a transaction with legal
consequences, decreasing the chances of litigation later on.
Integrity :
Digital signature creation and verification processes provide a high level of
assurance that the digital signature is that of the signer. Compared to
tedious and labor intensive paper methods, such as checking signature
cards, digital. Signatures yield a high degree of assurance without adding
resources for processing.
14. Algorithm of Digital Signature
• An algorithm provides the capability to generate and verify signature.
• Each user possesses a private and public key pair,but is not the same .
Public keys are assumed to be known to the public in general. Private
keys are never shared.
• Anyone can verify the signature of a user by employing that user
public key. Only the possessor of the user private key can perform
signature generation.
• A hash function is used in the signature generation process to obtain a
condensed version of data.
15.
16. Challenges and Opportunities
The prospect of fully implementing digital signatures in general commerce
presents both benefits and costs.
The costs consist mainly of:
Institutional overhead
Subscriber and Relying Party Costs
On the plus side:
Message integrity
Imposters
17. Application
Here are some Applications of Digital Signature.
Electronic Mail
Data Storage
Electronic funds transfer
Software Distribution
Smart Cards
Mitrenet
ISDN
Time Stamped Signature
18. DrawbacksAlthough the digital signature technique is a very effective method of maintaining
integrity and authentication of data, there are some drawbacks associated with this
method.
1. The private key must be kept in a secured manner.
2. The process of generation and verification of digital signature requires considerable
amount of time.
3. Although digital signature provides authenticity, it does notensure secrecy of the data.
4.If a user changes his private key after every fixed interval of time, then the record of all
these changes must be kept.
5. For using the digital signature the user and receiver has to pay additional amount of
money
19. Conclusion
Digital signatures are difficult to understand. Digital signatures will be
championed by many players that the public distrusts, including national
security agencies, law enforcement agencies, and consumer marketing
companies. Digital signatures will inevitably be associated with cards.
Digital signatures will inevitably be associated with biometric identifiers.
As a result, it appears that digital technology is rapidly becoming pervasive,
the public not find this comforting. They will demand explicit privacy
protections, far more substantial than the weak and patchy regime that is
presently in place.