It 4


Q.2.

Explain the importance of the Public Key Infrastructure in authentication of electronic
documents. Explain the role played by the Certifying Authorities and the Controller of
Certifying Authorities in the Public Key infrastructure.

Public Key Infrastructure is a technology used to authenticate users and devices in the digital
world. The basic idea is to have one or more trusted parties digitally sign a document
confirming that a specific encryption key belongs to a specific user or device. The key is then
used as a user ID in a digital network.
Users and devices that hold keys are often referred to simply as entities. In general, anything
can be linked to a key that can be used as an identity. In addition to users or equipment, it
can also be a program, process, manufacturer, component, or something else. The purpose of
Public Key Infrastructure is to reliably associate keys with entities.
The trusted party that signs the document linking the key to the device is called the
certification authority. The certification authority also has an encryption key, which is used
to sign these documents. These documents are called certificates.
The public key infrastructure is based on digital signature technology using public key
encryption. The basic idea is that the key of each entity is known only to that entity and is
used for signing. This key is called the private key. Another key derived from it, the so-called
public key, is used to verify the signature but cannot be used to create signatures. This public
key is available to everyone and is usually included in the certificate document.
As business models increasingly rely on electronic transactions and digital documents, and more
and more Internet devices are connected to corporate networks, the role of public key
infrastructure is no longer limited to isolated systems such as secure e-mail, smart cards for
physical access, or encrypted network traffic. Modern public key infrastructure is expected to
support more applications, users and devices in a complex ecosystem, and with stricter industry
and government regulations on data security, critical operating systems and business
applications depend more than ever on the credibility of the organization's public key
infrastructure.
Electronic records are verified by creating digital signatures, which are mathematical functions
of the message content. These signatures are created and verified through cryptography, a branch
of applied mathematics that transforms data into another form and back again to ensure data
confidentiality and authentication, so that only those who hold the corresponding key can
recover the original data.
The key is a string that controls the cryptographic transformation. The transformation includes
the following two processes:
1. Encryption: the process of converting plain messages into cipher text.
2. Decryption: the process of restoring the cipher text to the original message.
A message encrypted asymmetrically can only be decrypted with the public key provided by the
sender. This procedure is based on Section 2 (1) (f) of the Information Technology Act of 2000.
There is a pair of keys: a private key known only by the sender and a public key known only
by the receiver.
The message is encrypted with the sender's private key; conversely, anyone who has the public
key can decrypt it. This establishes the authenticity of the sender. It is also known as the
"irreversibility principle", which means that many users know the sender's public key but cannot
access the sender's private key, which prevents them from forging digital signatures.
Process of Digital Signature and Certifying Authority
PKI uses digital certificates to distribute the public keys of the users (owners of private
keys) to whom they are assigned. A digital certificate is a credential that makes it easier to
verify identity between users in a transaction. Just as a passport proves the identity of a
citizen of a country, a digital certificate establishes the identity of a user in the ecosystem.
Because the digital certificate is used to identify the user who sends encrypted data or to
verify the identity of the information recipient, protecting the authenticity and integrity of
the certificate is necessary to maintain the reliability of the system.
A certification authority (CA) issues a digital certificate used to verify the identity of a
user. The CA underpins the security of the PKI and the services it supports, so it may become
the target of sophisticated targeted attacks. To mitigate attacks on certification authorities,
mechanisms such as physical and logical controls and hardware security modules have become a
necessary condition for ensuring the integrity of PKI.
Digital signatures are becoming more and more popular around the world. Countries/regions
that approve the use of digital signatures have a structure that regulates the acquisition and
use of digital signatures. No matter which country/region you are from, the rules remain the
same. Digital signatures are created and issued by qualified professionals. For anyone to
receive a valid digital certificate, they must obtain it from a certification authority (CA).
A Certificate Authority (CA) is a trusted third-party service provider, accepted in the country
and authorized to issue digital signatures to citizens. It must be maintained and supervised.
First, a person must obtain a digital signature certificate from the CA, and then follow this
process:
1. Use a hash function to reduce the sender's original message to a message digest.
2. Then use the private key to encrypt the message digest.
3. Use the signature function to convert the encrypted message digest into a digital signature.
4. The digital signature is attached to the original data.
5. Two things are transmitted to the recipient:
a. Original message
b. Digital signature
Rule 4 of the Information Technology (Certifying Authority) Regulations 2000 explains the
digital signature process:
1. To sign an electronic record or other information, the signer first applies a hash function
in the signer's software. The hash function is a function that maps data of arbitrary size to
data of a fixed size. The value returned by the hash function is called the hash value, hash
code, digest, or simply hash.
2. The hash function calculates a hash result of standard length that is unique to the
electronic data record.
3. The signature software uses the signer's private key to convert the hash result into a
digital signature.
4. The generated digital signature is unique to the electronic record and the private key used
to create it.
5. The digital signature is attached to its electronic record and stored or transmitted with
its electronic record.
Verification process of a digital signature
The recipient receives the original message and digital signature. Then two steps are required:

1. Obtain a new message digest from the original message by applying the hash function.
2. The signer's public key is applied to the digital signature received by the receiver to obtain
another message digest.
3. If the digests of the two messages are the same, the message is not corrupted.
Rule 5 of the Information Technology (Certifying Authority) Regulations 2000 explains the
procedure for verifying digital signatures as follows:
Verification of a digital signature is achieved by calculating a new hash result of the original
electronic data record with the hash function that was used to create the digital signature,
and by using the public key and the new hash result.
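
The signing and verification steps above, together with the CA's role in vouching for the signer's public key, as an added Python example (not from the original document or the rules it cites). It uses textbook RSA without padding and constructed toy keys so that the hash, the private-key transform and the digest comparison are visible; the function names, the certificate layout and the sample record are assumptions, and real systems use a vetted library with a padded signature scheme.

```python
import hashlib

E = 65537  # public exponent used by both constructed keys

def make_key(p: int, q: int) -> tuple:
    """Return (n, d): public modulus and private exponent for primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed toy keys built from known Mersenne primes: insecure, demo only.
SIGNER_N, SIGNER_D = make_key(2**521 - 1, 2**607 - 1)
CA_N, CA_D = make_key(2**1279 - 1, 2**2203 - 1)

def digest(data: bytes) -> int:
    """Hash function: maps data of any size to a fixed-size hash result."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, d: int, n: int) -> int:
    """Transform the hash result with the private key into a signature."""
    return pow(digest(data), d, n)

def verify(data: bytes, signature: int, n: int) -> bool:
    """Recompute the hash, apply the public key, compare the two digests."""
    return 0 <= signature < n and pow(signature, E, n) == digest(data)

def cert_body(subject: str, public_n: int) -> bytes:
    """Bytes the CA signs: the entity's name bound to its public key."""
    return f"{subject}|{public_n}".encode()

def issue_certificate(subject: str, public_n: int) -> dict:
    """The CA signs the binding between an entity's name and its public key."""
    return {"subject": subject, "public_n": public_n,
            "ca_signature": sign(cert_body(subject, public_n), CA_D, CA_N)}

def verify_signed_record(record: bytes, signature: int, cert: dict) -> bool:
    """Check the CA's signature on the certificate, then the record's signature."""
    body = cert_body(cert["subject"], cert["public_n"])
    if not verify(body, cert["ca_signature"], CA_N):
        return False  # the key is not vouched for by the trusted CA
    return verify(record, signature, cert["public_n"])

# Constructed sample record and signer name.
RECORD = b"Constructed sample record: agreement dated 1 January"
CERT = issue_certificate("Signer A (constructed)", SIGNER_N)
SIGNATURE = sign(RECORD, SIGNER_D, SIGNER_N)

if __name__ == "__main__":
    print(verify_signed_record(RECORD, SIGNATURE, CERT))
    print(verify_signed_record(RECORD + b"!", SIGNATURE, CERT))
```

A record altered after signing, or a certificate whose public key was changed after the CA signed it, fails verification because the recomputed digest no longer matches the one recovered with the public key.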
