This document defines electronic signatures and discusses how they work using public key infrastructure (PKI). It explains that electronic signatures involve hashing document contents, encrypting the hash with a private key, and including the encrypted hash and public key in a digital certificate. It describes risks like man-in-the-middle attacks and the role of certificate authorities in verifying identities and signatures. The document also outlines standard certificate formats, details the components of a certificate, and explains how improved signing procedures provide non-repudiation of signed documents.

1. Electronic Signature
석사 29기 박준영

2. Contents
• Definition
• PKI-Electronic Signature + MITM Attack
• Public Certificate
• Certificate Formats (Components)
• Certificate Authorities
• Improved Signing Procedure
• Non-repudiation Function
• Q & A

3. • Signature electronically
• Certificate one’s identity
• Equivalent to handwritten signatures
Definition

4. PKI E-Signature
• Hash(D1) => H1
• Encrypt(KeyE, H1) => S;
• C1 = {D1, S, KeyD}
• C1 => D1, S, KeyD;
• Decrypt(KeyD, S) => H1;
• Hash(D1) => H1;
• H1 == H1;
Alice Bob

5. PKI E-Signature (MITM)
• Hash(D1) => H1
• Encrypt(KeyE, H1) => S;
• C1 = {D1, S, KeyD}
• C2 => D2, S, KeyD;
• Decrypt(KeyD, S) => H1;
• Hash(D2) => H2;
• H1 != H2;
• C1 => D1, S, KeyD
• D1 => D2;
• C2 = {D2, S, KeyD}
• C1 => C2
Alice
Bob
Hacker

6. • C2 => D2, S2, FKeyD;
• Decrypt(FKeyD, S2) => H2;
• Hash(D2) => H2;
• H2 == H2;
PKI E-Signature (MITM)
• Hash(D1) => H1
• Encrypt(KeyE, H1) => S;
• C1 = {D1, S, KeyD}
• C1 => D1, S, KeyD
• D1 => D2;
• Hash(D2) => H2;
• Encrypt(FKeyE, H2) => S2;
• C2 = {D2, S2, FKeyD}
• C1 => C2
Hacker
Alice
Bob

7. Public Certificate
• Electronic ID Card
• Validate Electronic Signature
• Need 3-party Certification Authority(CA)

8. Public Certificate
PKCS#12 Format File(.p12)
Certificate + Private Key
Using when Import / Export
Public Certificate
(.der / .pem)
DER / PEM
DER : Binary formed cert.
PEM : Base64 encoded cert.
Private Key
Keep it Secret!!

9. Certificate Contents (X. 509)
• Key-Usage
• Public Key
• Thumbprint Algorithm
• Thumbprint
• Serial Number
• Subject
• Signature Algorithm
• Signature
• Issuer
• Valid-From
• Valid-To

14. Certificate Authorities
ROOT CA
ROOT CA
SUB CA
- Korea(For e-commerce)

15. Certificate Authorities
SSL Certificate Market Share (August 2014)
(http://www.whichssl.com/comparisons/market-share.html)
- World

16. Improved Signing Procedure
Hash data
⬇
Encrypt hashed data
(Signature)
⬇
Attach Certificate
with Signature & Data
⬇
Send via network
(D-Signed data)
”Digital Signature diagram" by Acdx

17. Improved Signing Procedure
”Digital Signature diagram" by Acdx
Receive D-Signed data
⬇
Detach Data & Signature
⬇
Check Certificate via CA
⬇
Compare Hashed Data
and Decrypted Data
⬇
Verify

18. Non-repudiation

19. Reference
• 네이버 애플리케이션의 전자 서명 원리(http://helloworld.naver.com/
helloworld/textyle/744920)
• SSL Certificate Market Share (http://www.whichssl.com/comparisons/
market-share.html)
• Solo, David, Russell Housley, and Warwick Ford. "Internet X. 509 public
key infrastructure certificate and certificate revocation list (CRL)
profile." (2002).
• Public Certificate Sample (Hana Bank Corp.)
• Digital Signature Diagram by Acdx (Wikipedia)

20. Electronic Signature
Q & A