
Digital Signature

Digital signatures provide authenticity, integrity, and non-repudiation for electronic documents, ensuring that messages are securely verified and cannot be tampered with. They utilize a private key for signing and a public key for verification, with the process involving hashing the message and encrypting the resulting hash with the private key. The implementation of digital signatures requires a secure key management system, often supported by a Public Key Infrastructure (PKI) and a Certifying Authority (CA) to validate the key associations.

Digital Signatures

Electronic Record
1. Very easy to make copies
2. Very fast distribution
3. Easy archiving and retrieval
4. Copies are as good as original
5. Easily modifiable
6. Environmentally friendly

Because of 4 & 5 together, these lack authenticity


Why Digital Signatures?
• To provide Authenticity, Integrity and Non-repudiation to electronic documents
• To use the Internet as the safe and secure medium for e-Commerce and e-Governance
Why Digital Signatures?
Message authentication − When the verifier validates the digital signature using the public key of the sender, he is assured that the signature has been created only by the sender, who possesses the corresponding secret private key, and no one else.
Data Integrity − If an attacker has access to the data and modifies it, the digital signature verification at the receiver's end fails. The hash of the modified data and the output provided by the verification algorithm will not match. Hence, the receiver can safely reject the message, assuming that data integrity has been breached.
Non-repudiation − Since it is assumed that only the signer has knowledge of the signature key, only he can create a unique signature on given data. Thus the receiver can present the data and the digital signature to a third party as evidence if any dispute arises in the future.
Encryption

Caesar Cipher
[Table: each character of the 38-symbol alphabet (a-z, 0-9, dot, space) in the "Char" column, followed by the characters it becomes under shifts of 1 to 9 positions; for example, the row for "a" reads b c d e f g h i j.]
3 changes. The shift is linear and equidistributed.
I agree → lcdjuhh
i+3=l
Space=c [+3]

Key Cipher
The shift is linear (cyclic). Key: 269
k.n.gupta 62 → mewam3rzjba
k+2=m
(dot)=e [+6]
n=w [+9]
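The shift table and the two ciphers from these slides as runnable code; this is an added example, not part of the original presentation. The alphabet order (a-z, 0-9, dot, space) is read off the table rows, and the function names are hypothetical.

```python
# Added example: the shift table and both ciphers from the slides.
# Alphabet order (a-z, 0-9, dot, space) is taken from the table rows.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789. "


def shift_char(ch, shift):
    """Move one character `shift` places along the table, wrapping around."""
    pos = ALPHABET.index(ch)  # raises ValueError for characters not in the table
    return ALPHABET[(pos + shift) % len(ALPHABET)]


def table_row(ch):
    """Rebuild one row of the slide's table: `ch` shifted by 1 to 9 places."""
    return [shift_char(ch, s) for s in range(1, 10)]


def key_cipher(text, key, decrypt=False):
    """Shift each character by the key's digits, used cyclically.

    A one-digit key (3) gives the Caesar cipher; a multi-digit key (269)
    gives the slide's "key cipher" with shifts 2, 6, 9, 2, 6, 9, ...
    """
    shifts = [int(d) for d in str(key)]
    sign = -1 if decrypt else 1
    return "".join(
        shift_char(ch, sign * shifts[i % len(shifts)])
        for i, ch in enumerate(text.lower())  # the table has no capitals
    )


if __name__ == "__main__":
    print(" ".join(table_row("r")))
    print(repr(key_cipher("I agree", 3)))
    print(repr(key_cipher("k.n.gupta 62", 269)))
    print(key_cipher("mewam3rzjba ", 269, decrypt=True))
```

The second ciphertext ends in a space because 2 shifted by 9 lands on the space symbol, which is easy to lose when the result is copied as text.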
What is Digital Signature?
• Hash value of a message when encrypted with the private key of a person is his digital signature on that e-Document
– Digital Signature of a person therefore varies from document to document thus ensuring authenticity of each word of that document.
– As the public key of the signer is known, anybody can verify the message and the digital signature
Digital Signatures
Each individual generates his own key pair
[Public key known to everyone & Private key only to the owner]

Private Key – Used for making digital signature

Public Key – Used to verify the digital signature


RSA Key pair
(including Algorithm identifier)
[2048 bit]
Private Key

Public Key
Signed Messages
[Figure: Sender: the hash of the message is calculated and signed with the sender's private key, and the message + signature is sent through the Internet. Receiver: the hash of the received message is calculated, the signature is decrypted with the sender's public key, and the two hashes are compared; if they match, the signature is verified.]
Paper signatures v/s Digital Signatures

Parameter         Paper                                    Electronic
Authenticity      May be forged                            Can not be copied
Integrity         Signature independent of the document    Signature depends on the contents of the document
Non-repudiation   a. Handwriting expert needed             a. Any computer user
                  b. Error prone                           b. Error free
• Key Generation
– Random Numbers
– RSA Key Pair [Private/Public Key]
• Digital Signature
– Generate Message Digest [SHA1]
– Encrypting Digest using Private Key [Signatures]
– Attaching the Signatures to the message.
• Verification of Signatures
– Run the test for Authentication, Integrity and Non repudiation.
• Digital Signature Certificate
– ITU X.509 v3
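The key generation, signing and verification steps listed above as working code; this is an added example, not part of the original slides. Assumptions: textbook RSA without padding, a demonstration key built from two publicly known Mersenne primes, SHA-256 in place of the SHA-1 named on the slide, and hypothetical function names.

```python
import hashlib

# Demonstration key (assumption, not from the slides): two publicly known
# Mersenne primes, so this key protects nothing. Real keys use random primes.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """Message digest as an integer (SHA-256 here; the slide names SHA-1)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signature = digest raised to the private exponent (textbook RSA)."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recover the digest with the public key and compare with a fresh hash."""
    return pow(signature, e, n) == digest(message)


def demo() -> dict:
    contract = b"Pay 100 to Alice"            # constructed sample messages
    tampered = b"Pay 900 to Alice"
    sig = sign(contract)
    other_n = (2**127 - 1) * (2**521 - 1)     # some other signer's modulus
    return {
        "genuine": verify(contract, sig),               # authenticity holds
        "tampered": verify(tampered, sig),              # integrity check fails
        "wrong_key": verify(contract, sig, n=other_n),  # not this signer's key
        "differs": sig != sign(tampered),               # signature is per document
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:10s} {result}")
```

Production signing uses a padded scheme such as RSASSA-PSS from a maintained library, with randomly generated primes.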
Private key protection
• The Private key generated is to be protected and kept secret. The responsibility of the secrecy of the key lies with the owner.
• The key is secured using
– PIN Protected soft token
– Smart Cards
– Hardware Tokens
PIN protected soft tokens
• The Private key is encrypted and kept on the Hard Disk in a file; this file is password protected.
• This forms the lowest level of security in protecting the key, as
– The key is highly reachable.
– PIN can be easily known or cracked.
• Soft tokens are also not preferred because
– The key becomes static and machine dependent.
– The key is in known file format.
Smart Cards
• The Private key is generated in the crypto module residing in the smart card.
• The key is kept in the memory of the smart card.
• The key is highly secured as it doesn’t leave the card: the message digest is sent inside the card for signing, and the signatures leave the card.
• The card gives mobility to the key and signing can be done on any system (having a smart card reader).
Hardware Tokens

Smart Card
iKey

Biometrics – adds another level of security to these tokens


Public Key Infrastructure (PKI)
• Some Trusted Agency is required which certifies the association of an individual with the key pair.
Certifying Authority (CA)
• This association is done by issuing a certificate to the user by the CA
Public key certificate (PKC)
• All public key certificates are digitally signed by the CA
Certifying Authority
• Must be widely known and trusted
• Must have well defined Identification process before issuing the certificate
• Provides online access to all the certificates issued
• Provides online access to the list of certificates revoked
• Displays online the license issued by the Controller
• Displays online approved Certification Practice Statement (CPS)
• Must adhere to IT Act/Rules/Regulations and Guidelines
Public-Key Certification
[Figure: the user generates a key pair (public/private) and sends a certificate request with the user's name, other credentials and the user's public key. The CA signs the User Certificate by using the CA's private key and publishes it in the certificate database on the web site of the CA (User 1 certificate, User 2 certificate, ...), along with the license issued by the CCA. User Certificate fields: Serial No., User Name, User's Email Address, User's Public Key, CA's Name, Certificate Class, Validity, Digital Signature of CA.]
Trust Path
• Controller is the Root certifying authority responsible for regulating Certifying Authorities (CAs)
• Controller certifies the association of CA with his public key
• Certifying Authority (CA) is the trusted authority responsible for creating or certifying identities.
• CA certifies the association of an individual with his public key
Role of controller
Controller of Certifying Authorities as the “Root” Authority certifies the technologies, infrastructure and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates
Summary
• Each individual has a pair of keys
• Public key of each individual is certified by a CA (Certifying Authority)
• Public keys of CAs are certified by the Controller
• Public key of the Controller is self certified
• Public keys of everyone are known to all concerned and are also available on the web
• Certification Practice Statement is displayed on the web site
Public Key Cryptography
Encryption Technologies: Confidentiality
[Figure: a document is encrypted with the Public Key of B to give an encrypted document, which is decrypted with the Private Key of B to recover the document.]


Thank You
