Digital Signatures

Encryption – Process of converting electronic data into another form, called ciphertext, which
cannot be easily understood by anyone except the authorized parties. This ensures data
security.
Decryption– Process of translating code to data. The message is encrypted at the sender’s side
using various encryption algorithms and decrypted at the receiver’s end with the help of the
decryption algorithms. When some message is to be kept secure like username, password, etc.,
Encryption and decryption techniques are used to assure data security.
Types of Encryptions
1. Symmetric Encryption– Data is encrypted using a key and the decryption is
also done using the same key.
2. Asymmetric Encryption-Asymmetric Cryptography is also known as public key cryptography.
It uses public and private keys to encrypt and decrypt data. One key in the pair which can be
shared with everyone is called the public key. The other key in the pair, which is kept secret and
is only known by the owner is called the private key. Either of the keys can be used to encrypt a
message; the opposite key from the one used to encrypt the message is used for decryption.

Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of
a message, software, or digital document.
1. Key Generation Algorithms: Digital signatures are electronic signatures, which assure
that the message was sent by a particular sender. While performing digital transactions
authenticity and integrity should be assured, email programs create a one-way hash of
the electronic data which is to be signed. The signing algorithm then encrypts the hash
value using the private key (signature key). This encrypted hash along with other
information like the hashing algorithm is the digital signature. This digital signature is
appended with the data and sent to the verifier. The reason for encrypting the hash
instead of the entire message or document is that a hash function converts any arbitrary
input into a much shorter fixed-length value. This saves time as now instead of signing a
long message a shorter hash value must be signed and moreover hashing is much faster
than signing.
2. Signature Verification Algorithms: Verifier receives Digital Signature along with the
data. It then uses Verification algorithm to process on the digital signature and the
public key (verification key) and generates some value. It also applies the same hash
function on the received data and generates a hash value. Then the hash value and the
 output of the verification algorithm are compared. If they both are equal, then the
digital signature is valid.
The steps followed in creating digital signature are:
1. Message digest is computed by applying hash function on the message and then
message digest is encrypted using private key of sender to form the digital signature.
(digital signature = encryption (private key of sender, message digest) and message
digest = message digest algorithm(message)).
2. Digital signature is then transmitted with the message. (message + digital signature is
transmitted)
3. Receiver decrypts the digital signature using the public key of sender. (This assures
authenticity, as only sender has his private key so only sender can encrypt using his
private key which can thus be decrypted by sender’s public key).
4. The receiver now has the message digest.
5. The receiver can compute the message digest from the message (actual message
digest Message digest is computed using one-way hash function, i.e., a hash function
in which computation of hash value of a message is easy but computation of the
message from hash value of the message is very difficult)

Benefits of Digital Signatures

Legal documents and contracts: Digital signatures are legally binding. This makes them ideal for any legal
document that requires a signature authenticated by one or more parties and guarantees that the record
has not been altered.
Sales contracts: Digital signing of contracts and sales contracts authenticates the identity of the seller
and the buyer, and both parties can be sure that the signatures are legally binding and that the terms of
the agreement have not been changed.

Financial Documents: Finance departments digitally sign invoices so customers can trust that the
payment request is from the right seller, not from a bad actor trying to trick the buyer into sending
payments to a fraudulent account.

Federal, state, and local government agencies have stricter policies and regulations than many private
sector companies. From approving permits to stamping them on a timesheet, digital signatures can
optimize productivity by ensuring the right person is involved with the proper approvals.

Shipping Documents: Helps manufacturers avoid costly shipping errors by ensuring cargo manifests or
bills of lading are always correct. However, physical papers are cumbersome, not always easily accessible
during transport, and can be lost. By digitally signing shipping documents, the sender and recipient can
quickly access a file, check that the signature is up to date, and ensure that no tampering has occurred.

Drawbacks of Digital Signatures

Dependence on Key Management: Digital signatures rely on the secure management of cryptographic
keys. This means that the sender must keep their private key safe and secure from unauthorized access,
while the recipient must verify the sender’s public key to ensure its authenticity. Any failure in key
management can compromise the security of the digital signature.

Complexity: Digital signatures require a complex process of key generation, signing, and verification. This
can make them difficult to implement and use for non-technical users.

Compatibility: Different digital signature algorithms and formats may not be compatible with each other,
making it difficult to exchange signed messages across different systems and applications.

Legal Recognition: Although digital signatures have legal recognition in many countries, their legal status
may not be clear in all jurisdictions. This can limit their usefulness in legal or regulatory contexts.

Revocation: In case of key compromise or other security issues, digital signatures must be revoked to
prevent their misuse. However, the revocation process can be complex and may not be effective in all
cases.

Cost: Digital signatures may involve additional costs for key management, certificate issuance, and other
related services.