Digital Signature


DIGITAL SIGNATURES

IT PROJECT

Submitted To: Dr. Amita

Submitted By: Varun Bhardwaj
204/10
Section – A
10th Semester

Acknowledgement

I would like to thank my subject teacher Prof. Amita Verma. Without her guidance
and support this project could not have been completed. I also owe this project
to my referred book. I am indebted to all the people who gave me knowledge
about the Information Technology Act, 2000.

Index

• Introduction

• Legal Provisions Relating to Digital Signature (DS) [Section 3]

• Cryptography

• Creating a Digital Signature

• Verification of Digital Signature

• Bibliography

Introduction

A digital signature is defined as a short unit of data that bears a mathematical relationship to the data (electronic record or message) in the document's context and provides assurance to the recipient that the data is authentic.

It can be defined as a process that authenticates both the origin and contents of a message in a manner that is provable to a third party. However, under section 2(1)(p) of the Information Technology Act, 2000, “digital signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.

Basically, a digital signature is a secure method of binding the identity of the signer or signatory with an electronic record or message. This method uses a public key crypto system, commonly known as an asymmetric crypto system, to generate a digital signature.

Legal Provisions Relating to Digital Signature (DS) [Section 3]

It is important to note that under the Information Technology Act, 2000, digital signatures and electronic signatures can be used by a subscriber having a DSC/ESE issued by a licensed CA.

The Controller of Certifying Authorities (CCA)
↓ Licence
Certifying Authority
↓ DSC/ESE
Subscriber
↓ Affixes DS/ES to electronic record
Relying party: Verification of DS/ES

PKI PROCESS

• Authentication of an electronic record by DS [Section 3(1)]

Any subscriber may authenticate an electronic record by affixing his digital signature. However, a DS is created by using a private key.

• Digital Signature [Section 2(1)(p)]: “digital signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.

• Private Key [Section 2(1)(zc)]: “private key” means the key of a key pair used to create a digital signature;

• Authentication by the use of asymmetric crypto system and hash function [Section 3(2)]

The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial record into another electronic record.

• Asymmetric Crypto System [Section 2(1)(f)]: “asymmetric crypto system” means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;

It is important to note that the technology or process which is used in DS to provide integrity, secrecy and non-repudiation to an electronic record or message is cryptology. Therefore it is pertinent to know what cryptology is before we understand Digital Signatures.

Cryptology

It is the art and science of encrypting or encoding meaningful data into meaningless data and decoding it again at the receiver’s end to transform it back to meaningful data, making use of some parameterized function.

Cryptology is the combination of the following:

a) Cryptography

b) Cryptanalysis

Cryptography

Digital signatures are created and verified by using cryptography. It is pertinent to know what cryptography is before we understand Digital Signatures. Cryptography is the science or art of secret writing, i.e., keeping information secret. Historically, cryptography has been used to hide information from access by unauthorized interception. However, in modern society it is also used to prevent unauthorized access to any electronic record in digital medium.

Conceptually, cryptography is a process or branch of applied mathematics that transforms a message (plain text, which is legible) into unintelligible form (cipher form, which is illegible) and then back into its original form (plain text, which is legible). This process of conversion of plain text to cipher text is known as encryption and the process of conversion from cipher text to plain text is known as decryption. The purpose of encryption is to ensure confidentiality, secrecy and privacy by keeping this information hidden from anyone. Therefore, cryptography is a technique to protect a message or electronic record, and it allows the secure communication of such message or electronic record over an insecure medium.1

Basically cryptography involves the following:

1. Encryption.

2. Decryption.

1. Encryption

It is a process of converting the legible form of text, commonly known as plain text, to an illegible form generally known as cipher text. However, for encryption a secret key is used. When an electronic record is sent by the subscriber he will use his private key to convert the electronic record into illegible form so that it should not be misused before it is received by the recipient.2

Modes or methods for encryption, section 84A inserted by the Information Technology (Amendment) Act 2008: It is important to note that the Central Government may, for secure use of the electronic medium and for promotion of E-governance and E-commerce, prescribe the modes or methods for encryption.

1 Para 36 of Guide to Enactment of the UNCITRAL Model Law on Electronic Signatures (2001) at http://www.uncitral.org/pdf/english/texts/electcom08_55698p-Ebook.pdf accessed on 01.02.2011.
2 Tewari R.K., Computer Crimes and Computer Forensic, Select Publisher, New Delhi, p. 138 (2002).

• Encryption algorithm RSA: The most widely used public key encryption algorithm is RSA, named after its inventors Ron Rivest, Adi Shamir and Len Adleman, which was invented in 1977 and was published in 1978. However, RSA is patented.

Advantages of encryption

There are various advantages of encryption:

• It protects information stored on a computer from unauthorized access.

• It protects information when it is in transit from one computer to another.

• It ensures confidentiality, secrecy and privacy by keeping information hidden from everyone.

2. Decryption

It is the process of converting the illegible form of text (cipher text) to legible form (plain text). However, for decryption a key is used, commonly known as the public key. Further, this process is carried out by the receiver of the e-record.

Types of cryptography

It is of two types:3

1) Symmetric cryptography (private key cryptographic system)

2) Asymmetric cryptography (public key cryptographic system)

1) Symmetric cryptography (private key cryptographic system)

In symmetric cryptography, there is a single key used for both encryption and decryption of a message. E.g. an automatic teller machine (ATM) at a bank. When a person uses an ATM, he gains access to his account by entering a personal identification number (PIN). The PIN is a secret number which is shared between the bank and the client.4

3 Conference Volume of Conference on e-security, Cyber crime and Law, MGSIPAP, Chandigarh, India, 2004, p. 162.
4 Sharma Vakul, Information Technology Law and Practice, p. 30 (2010).

Document to be sent → encoded document → encoded document → received document

Limitation of Symmetric Cryptography

This cryptography has the following limitations:

1. The same key is shared by the originator and the addressee, and it becomes vulnerable to attack when one party transfers it to another.

2. A person receiving e-records from different persons has to use different keys.5

However, these problems can be overcome by keeping appropriate record.

2) Asymmetric Cryptography (public key cryptographic system)

In asymmetric cryptography, there is a key pair, i.e. a public key and a private key. A private key, as the name suggests, is a secret key used by the signer to create digital signatures, whereas a public key, as the name suggests, is known to the public and is used by the other party (the receiver of the record) to verify the digital signature.

Cryptography in digital signature

It is important to note that a digital signature is not a digitalized image of a handwritten signature. It is data which is attached at the end of an electronic record or message and it authenticates such message. Here, asymmetric cryptography (a key pair) is used for encryption and decryption.

• Hash function [Explanation Section 3]

“hash function” means an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as “hash result” such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible:

a) To derive or reconstruct the original electronic record from the hash result produced by the algorithm;

b) That two electronic records can produce the same hash result using the algorithm.

5 Dr. Farooq Ahmed, Cyber Laws in India, p. 43.

Creating a Digital Signature

The following steps are followed in creating a digital signature:

Step I: The signer selects the data or electronic record to be signed. Such selected data is known as the message. He applies a hash function to the message (selected data) to create a hash result, which is also known as hash value or message digest or digital fingerprint. Such hash result is unique to the message.

Step II: The signer uses his private key to transform the hash result into a digital signature, and this transformation is also known as encryption. Such digital signature is unique to both the message and the private key used to create it.

Step III: Now the digital signature is attached to its message and it is transmitted with its message to the recipient.

• Verification of the electronic record [Section 3(3)]

Any person can verify the electronic record by the use of a public key of the subscriber.

• Meaning of verification [Section 2(1)(zh)]: “verify”, in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions, means to determine whether:

1) The initial electronic record was affixed with the digital signature by the use of the private key corresponding to the public key of the subscriber;

2) The initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.

Basically verification is used for two purposes:

1. To verify whether the signer’s private key was used to create the digital signature; and

2. Whether the newly created hash result matches the original hash result which was recovered from the digital signature during the verification process.

• Public key [Section 2(1)(zd)]: “public key” means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.

Verification of Digital Signature

In case of an asymmetric crypto system, the public key of the subscriber is used for verification. The following steps are followed in verification:

Step I: The recipient receives the digital signature and the message.

Step II: The recipient applies the signer’s public key to the digital signature and recovers the hash result (hash value or message digest or digital fingerprint) from the digital signature.

Step III: The recipient would apply the same hash function to the message (sent by the signer) as applied by the signer to create the digital signature, and he would recover the hash result (hash value or message digest or digital fingerprint of the message).

Step IV: Compare the hash results recovered in Step II and Step III. If the hash results recovered in Step II and Step III are identical, it indicates that the message remained unchanged. However, where these two results are not identical, the message was changed after signing, and in such a case the recipient can reject the message.
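
The creation steps (Step I to Step III) and the verification steps (Step I to Step IV) above, as an added Python example that is not part of the original project: it uses SHA-256 and textbook RSA without padding, with a key constructed from two well-known Mersenne primes purely so that it runs offline. The names `hash_result`, `create_signature` and `verify_signature` are assumptions of this example; production signing uses a padded scheme such as RSA-PSS and a key generated from random primes.

```python
# Added teaching example: hash-then-sign with textbook RSA (no padding).
# The key is CONSTRUCTED from two well-known Mersenne primes so the block
# runs offline; it is not a secure key and not any real subscriber's key.
import hashlib

P = 2**521 - 1                      # constructed prime (Mersenne prime)
Q = 2**607 - 1                      # constructed prime (Mersenne prime)
N = P * Q                           # modulus, part of both keys
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)

PUBLIC_KEY = (N, E)                 # the key a certificate would list
PRIVATE_KEY = (N, D)                # held only by the signer


def hash_result(message: bytes) -> int:
    """Hash function: message -> fixed-size hash result, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def create_signature(message: bytes, private_key) -> int:
    """Creation Steps I-II: hash the message, transform it with the private key."""
    n, d = private_key
    return pow(hash_result(message), d, n)


def verify_signature(message: bytes, signature: int, public_key) -> bool:
    """Verification Steps II-IV: recover the hash, recompute it, compare."""
    n, e = public_key
    if not 0 <= signature < n:          # reject values outside the modulus
        return False
    recovered = pow(signature, e, n)    # Step II: hash recovered from signature
    recomputed = hash_result(message)   # Step III: same hash function on message
    return recovered == recomputed      # Step IV: identical means unaltered


if __name__ == "__main__":
    record = b"Constructed sample electronic record: pay Rs. 500 to A"
    sig = create_signature(record, PRIVATE_KEY)  # creation Step III: send both
    print(verify_signature(record, sig, PUBLIC_KEY))         # True
    print(verify_signature(record + b"0", sig, PUBLIC_KEY))  # False
```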

• The Private Key and the Public Key are unique [Section 3(4)]

The private key and the public key are unique to the subscriber and constitute a functioning key pair.

• Key Pair [Section 2(1)(x)]: “key pair”, in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key;

• Private Key [Section 2(1)(zc)]: “private key” means the key of a key pair used to create a digital signature;

• Public Key [Section 2(1)(zd)]: “public key” means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.

Basically, a private key is mathematically related to the public key but it is computationally impossible to calculate one key from the other. Therefore the private key cannot be compromised or violated just by knowing the public key. Though many people (public) know the public key of a given signer as they use it to verify the signer’s signature, still they cannot discover the signer’s private key and use it to forge a digital signature. Therefore, it is based on the principle of irreversibility.6

6 Para 32 of Guide to Enactment of the UNCITRAL Model Law on Electronic Signatures (2001) at http://www.uncitral.org/pdf/english/texts/electcom08_55698p-Ebook.pdf accessed on 04.01.2011.

Bibliography

• Bharat’s Cyber and Information Technology, 3rd edition, by Dr. Jyoti Rattan.
• Tewari R.K., Computer Crimes and Computer Forensic, Select Publisher, New Delhi, p. 138 (2002).
• Sharma Vakul, Information Technology Law and Practice, p. 30 (2010).
• Dr. Farooq Ahmed, Cyber Laws in India, p. 43.
