Digital Signature

• A digital signature or digital signature scheme is

a mathematical scheme for demonstrating the
authenticity of a digital message or document.
• It provides information regarding the sender of an
electronic document.
• Digital signatures are created and verified by
cryptography. Digital signatures use public key
cryptography, which employs an algorithm using
two different but mathematically related keys, one
for creating a digital signature or transforming data
into a seemingly unintelligible form, and other key
for verifying a digital signature or returning the
message to its original form. Computer equipment
and software utilizing two such keys are often
collectively termed as “asymmetric crypto system”
•
 Digital Signature
 The complementary keys of an asymmetric
crypto system for digital signatures are
arbitrarily termed private key, which is known
only to the signer and used to create the digital
signature, and the public key, which is ordinarily
more widely known and is used by a relying
party to verify the digital signature.
 Digital signatures have been confused
with electronic signatures.  Electronic
signatures are scanned copies of a
physical written signature
 A valid digital signature gives a recipient
reason to believe that the message was created
by a known sender, and that it was not altered
in transit. Digital signatures are commonly used
for software distribution, financial transactions,
and in other cases where it is important to
detect forgery and tampering
 Digital
•
Signature
Digital Signatures — a message signed with a
sender's private key can be verified by
anyone who has access to the sender's public
key, thereby proving that the sender had
access to the private key (and therefore is
likely to be the person associated with the
public key used), and the part of the message
that has not been tampered with
• Digital signatures provide information regarding
the sender of an electronic document. The
technology has assumed huge importance
recently, with the realization that it may be
the remedy to one of the major barriers to
growth of electronic commerce: fear of lack of
security. Digital signatures provide data
integrity, thereby allowing the data to remain
in the same state in which it was transmitted.
The identify of the sender can also be
authenticated by third parties
 Digital Signature
The process of checking the validity of digital


signature.
• User A sends a signed document to User B.
• To verify the signature on the document, user B’s
application first uses the certificate authority's public key
to check the signature on user A’s certificate.
• Successful de-encryption of the certificate proves that the
certificate authority created it.
• After the certificate is de-encrypted, user B’s software can
check if user A is in good standing with the certificate
authority and that all of the certificate information
concerning user A’s identity has not been altered.
• User B’s software then takes user A’s public key from the
certificate and uses it to check user A’s signature. If user
A’s public key de-encrypts the signature successfully,
then user B is assured that the signature was created
using user A’s private key, for the certificate authority
has certified the matching public key.
• If the signature is found to be valid, then we know that an
 Digital Signature
• The most widely used type of
cryptography is public key
cryptography, where the sender is
assigned two keys – one public, one
private. The original message is
encrypted using the public key while
the recipient of the message requires
the private key to decrypt the
message. The recipient can then
determine whether the data has been
altered. However, although this
system guarantees the integrity of
the message, it does not guarantee
the identify of the sender (public key
owner). In order to remedy this, a
 Digital Signature
• A certification authority (CA) performs
the task of managing key pairs, while
the verification of the person or entity
bound to that key pair is initially
ascertained at the time of application
by the registration authority. A
certificate is issued by a CA and links
an individual or entity to its public
key, and in some cases to its private
key. Certification authorities can offer
different grades of certificates,
depending upon the type of initial
 Digital Signature
• The sender uses his private key to compute the
digital signature.
• Another fundamental process, termed hash
function, is used in both creating and verifying
a digital signature. An hash function(in the
signer’s software) is an algorithm which creates
a digital representation of the message in the
form of “hash value” of a standard length which
is much smaller than the message.
• The hash value is an efficient way to represent
the message, as well as being a unique
number that can only be calculated from
the contents of the message.
• Any change to the message will produce a
different hash result when the same hash
function is used. In the case of secure hash
function, some times termed as “one way-has
function, it is computationally infeasible to
derive the original message from the
 Digital Signature
• The signer’s software then
transforms the hash result into a
digital signature using the signer’s
private key . The resulting digital
signature is thus unique to both the
message and the private key used
to create it. The digital
signature(digitally signed hash
result of the message) is attached
to its message and stored or
transmitted with its message. Since
a digital signature is unique to its
message, it is useless if it is wholly
 Digital Signature

• Hash functions therefore enable the

software to create digital signatures to
operate on smaller and predictable
amounts of data, while still providing
robust evidentiary correlation to the
original message content, thereby
efficiently providing assurance that there
has been no medication of the message
since it was digitally signed.
• Thus, the use of digital signatures usually
involves two processes – one performed
by the signer, and the other by the
receiver of the digital signature.
 Digital
Signature
Digital Signature Verification


• This is the process of checking the digital

signature by references to the original message
and the given public key, thereby determining
whether the digital signature was created for
that same message using the private key
corresponding to the referenced public key.
• Verification of a digital signature is accomplished
by computing a new hash result of the original
message by means of the same hash function
used to create the digital signature. Then,
using the public key and the new hash result,
the verifier checks; (i) whether the digital
signature was created using the corresponding
private key, and (ii) whether the newly
computed hash result matches the original
hash result which was transformed into the
digital signature during the signing process.
 Digital Signature

• The verification software will confirm

the digital signatures as “verified” if
(i) the signer’s private was used to
digitally sign the message, which is
known to be the case if the signer’s
public key was used to verify the
signature because the signer’s public
key will verify only a digital signature
created with signer’s private key, and
(ii) the message was unaltered, which
is known to be case if the hash
resulted by verifier is identical to the
hash result extracted from the digital
signature during the verification
Digital signatures &
certificate
 Digital Signature
• There are several reasons to sign such a hash (or
message digest) instead of the whole
document.
• For efficiency: The signature will be much
shorter and thus save time since hashing is
generally much faster than signing in practice.
• For compatibility: Messages are typically bit
strings, but some signature schemes operate
on other domains (such as, in the case of RSA,
numbers modulo a composite number N). A
hash function can be used to convert an
arbitrary input into the proper format.
• For integrity: Without the hash function, the
text "to be signed" may have to be split
(separated) in blocks small enough for the
signature scheme to act on them directly.
However, the receiver of the signed blocks is
not able to recognize if all the blocks are
present and in the appropriate order.
 Digital Signature
Signer Authentication
• If a public and a private key pair is associated
with an identified signer, the digital signature
attribute the message to the signer. The
digital signature cannot be forged, unless the
signer loses control of the private key, such
as by divulging it or losing the media or
device in which it is contained.
Message authentication

• The digital signature also identifies the signed

message, typically with far greater certainty
and precision than paper signatures.
Verification reveals any tampering, since the
comparison of the hash results(one made at
signing and the other made at verifying)
shows whether the message is the same as
when signed.
 Digital Signature
• Affirmative Act.
• Creating a digital signature requires the signer
to use the signer’s private key. This act can
perform the “ceremonial” function of alerting
the signer to the fact that the signer is
consummating a transaction with legal
consequences.
• Assurances:
• The processes of creating and verifying a digital
signature provide a high level of assurance
that the digital signature is genuinely the
signer’s. As with the case of modern EDI, the
creation and verification processes are
capable of complete automation (sometimes
referred to as machinable), with human
interaction required only in exceptional cases.
Compared to paper methods, digital
signatures yield a high degree assurance
 Digital Signature
Reasons for using digital security.


• It insures by means of verification and

validation that the user is whom he/she
claims to be.  This is done by combine the
users credential to the digital certificate and
in turn this method uses one point of
authentication.
• Digital certificates insure data Integrity giving
the user piece of mind that the message or
transaction has not been accidentally or
maliciously altered.  This is done
cryptographically. 
• Digital certificates ensure confidentiality and
ensure that messages can only be read by
authorized intended recipients.
• Digital certificates also verify date and time so
that senders or recipients can not dispute if
the message was actually sent or received.
 Digital Signature
The components that a digital signature comprise


of.
• Your public key: This is the part that any one can get
a copy of and is part of the verification system.
• Your name and e-mail address: This is necessary
for contact information purposes and to enable the
viewer to identify the details.
• Expiration date of the public key: This part of the
signature is used to set a shelf life and to ensure
that in the event of prolonged abuse of a signature
eventually the signature is reset.
• Name of the company: This section identifies the
company that the signature belongs too.
• Serial number of the Digital ID: This part is a
unique number that is bundled to the signature for
tracking ad extra identification reasons.
• Digital signature of the CA (certification
Authority): This is a signature that is issued by the
authority that issues the certificates.
 Digital Signature
• Public key and private key

User A is depicted above and has two keys a public key,

this key is available to the public for download, and a
private key, this key is not available to the public.  All
keys are used to lock the information in an encrypted
mode.  The same keys are required to decrypt the data
 Digital Signature
• Public key and private key

Another user can encrypt the data using users A’s Public Key.
User A will use the Private Key to decrypt the message. Without
user A’s Private Key the data can not be decrypted.   The above
figure depicts the encryption method and decryption method and
which keys are used.