Digital signatures are like electronic “fingerprints”. A digital signature is a specific type of e-signature that verifies the authenticity of digital messages or documents. A valid digital signature gives a recipient a very strong reason to believe that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity). All digital signatures are e-signatures, but not all e-signatures are digital signatures. In the form of a coded message, the digital signature securely associates a signer with a document in a recorded transaction.
Digital signatures use a standard, accepted format, called Public Key Infrastructure (PKI), to provide the highest levels of security and universal acceptance. Digital signatures use certificate-based digital IDs to authenticate the signer's identity and demonstrate proof of signing by binding each signature to the document with encryption. Validation occurs through trusted certificate authorities (CAs) or trust service providers (TSPs). The digital signature is a standard element of most cryptographic protocol suites, and is commonly used for software distribution, financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering.
Digital signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes, in the sense used here, are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message.
POINTS TO REMEMBER
A digital signature is a mathematical code for demonstrating the authenticity of digital messages or documents that lets you sign a document electronically and validates the signer.
Working mechanism of digital signature
Digital signatures are based on Public Key Infrastructure. By this mechanism, two keys are generated, a public key and a private key. The private key is kept by the signer and should be kept securely. On the other hand, the receiver must have the public key to decrypt the message.
For example, a sender wants to send an encrypted message to the receiver. As stated above, the sender must have a private key to sign the message digitally. Before the private key is applied, a hashing algorithm converts the message to be sent into a hash value. Then, the sender's private key encrypts this hash value. On completion of both processes, the sender's message is said to be digitally signed.
On the receiver's side, the digitally signed message is decrypted with the help of the signer's public key. The public key decrypts the message and converts it into another hash value. Then, the program used to open the message (e.g., MS Word, Adobe Reader, etc.) compares this hash value to the original hash value that was generated on the sender's side. If the hash value on the receiver's side matches the hash value generated on the sender's side, the program allows the message to open and displays the message “The document has not been modified since this signature was applied.” If the two hash values do not match, the program will not allow the document to open.
Hash function: A hash function (also called a "hash") is a fixed-length string of numbers and letters generated from a mathematical algorithm and an arbitrarily sized file such as an email, document, picture, or other type of data. This generated string is unique to the file being hashed and is a one-way function i.e. a computed hash cannot be reversed to find other files that may generate the same hash value. Some of the more popular hashing algorithms in use today are Secure Hash Algorithm-1 (SHA-1), the Secure Hashing Algorithm-2 family (SHA-2 and SHA-256), and Message Digest 5 (MD5).
Public Key Infrastructure (PKI): Public Key Infrastructure (PKI) is a set of requirements that allow (among other things) the creation of digital signatures. Through PKI, each digital signature transaction includes a pair of keys: a private key and a public key. The private key, as the name implies, is not shared and is used only by the signer to electronically sign documents. The public key is openly available and used by those who need to validate the signer’s electronic signature. To protect the integrity of the signature, PKI requires that the keys be created, conducted, and saved in a secure manner, and often requires the services of a reliable Certificate Authority (CA).
Certificate Authority (CA): Digital signatures rely on public and private keys. When you send or sign a document, you need assurance that the documents and the keys are created securely and that they are using valid keys. CAs, a type of Trust Service Provider, are third-party organizations that have been widely accepted as reliable for ensuring key security and that can provide the necessary digital certificates. Also, a CA validates a person's identity and either generates a public/private key pair on their behalf or associates an existing public key provided by the person to that person. Once a CA validates someone's identity, it issues a digital certificate that is digitally signed by the CA.
Digital certificate: A digital certificate is an electronic document issued by a Certificate Authority (CA). It contains the public key for a digital signature and specifies the identity associated with the key, such as the name of an organization. The certificate is used to confirm that the public key belongs to the specific organization. The CA acts as the guarantor. Digital certificates must be issued by a trusted authority and are only valid for a specified time. They are required in order to create a digital signature.
Advantages and Disadvantages of Digital Signature
The following are the benefits of digital signature:
· Time saving: Documents sent by the sender are auto-verified, so recipients do not need to spend their time on manual verification. Documents are prepared and signed by all the parties in a very short period of time, no matter how far apart the parties are geographically.
· Cost saving: Using postal or courier services for paper documents is much more expensive compared to using digital signatures on electronic documents.
· Enhanced security: The use of digital signatures and electronic documents reduces the risks of documents being intercepted, read, destroyed, or altered while in transit.
· Authenticity: An electronic document signed with a digital signature can stand up in court just as well as any other signed paper document.
· Tracking: A digitally signed document can easily be tracked and located in a short amount of time.
· Non-repudiation: Signing an electronic document digitally identifies you as the signatory, and that cannot later be denied.
· Imposter prevention: No one else can forge your digital signature or submit an electronic document falsely claiming it was signed by you.
· Time-stamps: By time-stamping your digital signatures, you will clearly know when the document was signed.
The following are the disadvantages of digital signature:
· Expiry: Digital signatures are highly dependent on the technology. Because of fast technological advancements, many of these tech products have a short life.
· Certificates: In order to effectively use digital signatures, both senders and recipients may have to buy digital certificates at a cost from a trusted certification authority.
· Software: To work with digital certificates, senders and recipients have to buy verification software at a cost.
· Law: In some states and countries, cyber laws are weak or even non-existent. Trading in such jurisdictions becomes very risky for those who use digitally signed electronic documents.
· Compatibility: There are many different digital signature standards, and most of them are incompatible with each other, which complicates the sharing of digitally signed documents.
Assignment 7
1. Define the following terms: Digital Signature, Hash Value, PKI, Certificate Authority and Digital Certificate.