CONTENTS

Encryption
Digital signature overview
Digital Signature Creation
Hashing
How Encryption and Digital Signatures Work
Digital Signature Verifications
Legal aspects
Advantages of digital signature
Disadvantages of digital signature

ENCRYPTION
Encryption is the conversion of data into a form, called a
CIPHER Text .The use of encryption/decryption is as old as the

art of communication. It is especially important in wireless

communications. Encryption/decryption is a good idea when
carrying out any kind of sensitive transaction.
Ex:

A credit-card purchase online , or the discussion of a

company

secret

between

different

departments

in

the

organization.

TYPES OF ENCRYPTION
Private key encryption
Private key means that each computer has a secret key
(code) that it can use to encrypt a packet of information
before it is sent over the network to the other computer.
Public Key encryption
Public key encryption uses a combination of a private key
and a public

key. The key is based on a hash value.

This is a value that is computed from a base input number

using a hashing algorithm.
SIMPLE ENCRYPTION EXAMPLE
Encryption depends on modifying or scrambling messages. So a
key is necessary to understand the message. If the original
message

is
GOD

IS

GREAT

then the encrypted version depends on the key as follows:

(key = 1) HPE JT HSFBU
(key = 2) IQF KU ITGCV
(key = 3) JRG LV JSHDW

DIGITAL SIGNATURES

A digital

signature or digital

signature

scheme is

mathematical scheme for demonstrating the authenticity of

a digital message or document. A valid digital signature
gives a recipient reason to believe that the message was
created by a known sender, such that the sender cannot
deny having sent the message (authentication and nonrepudiation) and that the message was not altered in transit
(integrity). Digital signatures are commonly used for software
distribution, financial transactions, and in other cases where
it is important to detect forgery or tampering. It can be used
with any kind of message, whether it is encrypted or not,
simply so that the receiver can be sure of the sender's
identity and that the message arrived is intact.
Digital signatures are often used to implement electronic
signatures, a broader term that refers to any electronic data
that carries the intent of a signature, but not all electronic
signatures use digital signatures. In some countries, including
the United States, India, Brazil, and members of the European
Union, electronic signatures have legal significance.
Digital signatures employ a type of asymmetric cryptography.
For messages sent through a nonsecure channel, a properly
implemented digital signature gives the receiver reason to
believe the message was sent by the claimed sender. In many
instances, common with Engineering companies for example,
digital seals are also required for another layer of validation and
security.

Digital

seals

and

signatures

are

equivalent

to

handwritten signatures and stamped seals. Digital signatures

are equivalent to traditional handwritten signatures in many

respects, but properly implemented digital signatures are more
difficult to forge than the handwritten type. Digital signature
schemes, in the sense used here, are cryptographically based,
and must be implemented properly to be effective. Digital
signatures can also provide non-repudiation, meaning that the
signer cannot successfully claim they did not sign a message,
while also claiming their private key remains secret; further,
some non-repudiation schemes offer a time stamp for the
digital signature, so that even if the private key is exposed, the
signature is valid. Digitally signed messages may be anything
representable
mail, contracts,

as

a bitstring:
or

examples

message

include electronic

sent

via

some

other cryptographic protocol.

CREATION OF DIGITAL SIGNATURES

A digital signature scheme typically consists of three
algorithms:
1. HASHING algorithm.
2. Signature Generation Algorithm
3. A signature verifying algorithm that, given a message,
public key and a signature, either accepts or rejects the
message's claim to authenticity.
Hashing
Hashing is the transformation of a string of characters into a
usually shorter fixed-length value or key that represents the

original string.As a simple example of the using of hashing in

databases, a group of people could be arranged in a
database like this:
Abernathy Sara, Epperdingle Roscoe, Moore Wilfred, Smith
David (and many more sorted into alphabetical order)
After Hashing, each of them will be replaced by a 4 digit
number (in this case)
7864=>

Abernathy Sara

1990=> Moore Wilfred

9802=> Epperdingle Roscoe

8822=>

Smith David

(and so

forth).
Hashing Algorithm
The formula for hashing depends on two inputs:
the sequence of characters representing the electronic
data is to be signed
a secret number is referred to as a signature's private key
associated with the signing party and to which only that
party has access to.
Some simple Hash Functions are:
1. The division-remainder method
2. Folding
3. Radix transformation
4. Digit rearrangement

Methods of Encryption based on Privacy

Encryption scrambles or modifies a message or document so

it cannot be read and understood, except by the intended
recipient. A key is necessary to reverse the scrambling or
modification, to make the message readable.
Methods of Encryption based on Privacy are as follows:

a message may be digitally signed, but not encrypted

a message may be encrypted first, then digitally signed

a message may be digitally signed first, then encrypted

Prerequisites to create a digital signature

1. Public-private digital key pair.
2. Certificate Authority.
The public key certificate creates proof of the identity of the
signer by using the services of a certificate authority.
3.

A certificate authority uses a variety of processes to

associate the particular public key with an individual.

The combination of public key and proof of identity result in a

public key certificate - also called a signer's certificate

Digital Signature Verification:

It is the process of checking the digital signature by the
reference to the original message and a given public key.

Verifying also relies on a formula. Here, the formula depends on

three inputs:
1. The

sequence

of

characters

representing

the

supposedly originally signed electronic data

2. The public key of the signing party
3. The value representing the supposedly authentic
digital signature.
The output of the formula is a simple answer: YES or NO.

LEGAL ASPECTS OF DIGITAL SIGNATURES

The digital signature is that which makes a document a legal
one. It is a representation of assuring that the document meets
all legal requirements and is authentic in its framework. The
actual digital signature provides the following:
Evidence
Ceremony
Approval
Efficiency

Applications of digital signatures

As organizations move away from paper documents with ink

signatures or authenticity stamps, digital signatures can
provide added assurances of the evidence to provenance,
identity, and status of an electronic document as well as
acknowledging informed consent and approval by a signatory..

Below are some common reasons for applying a digital

signature to communications:
Authentication
Although messages may often include information about the
entity sending a message, that information may not be
accurate. Digital signatures can be used to authenticate the
source of messages. When ownership of a digital signature
secret key is bound to a specific user, a valid signature shows
that the message was sent by that user. The importance of high
confidence in sender authenticity is especially obvious in a
financial context. For example, suppose a bank's branch office
sends instructions to the central office requesting a change in
the balance of an account. If the central office is not convinced
that such a message is truly sent from an authorized source,
acting on such a request could be a grave mistake.
Integrity
In many scenarios, the sender and receiver of a message may
have a need for confidence that the message has not been
altered during transmission. Although encryption hides the
contents of a message, it may be possible to change an
encrypted message without understanding it. (Some encryption
algorithms, known as nonmalleable ones, prevent this, but
others do not.) However, if a message is digitally signed, any
change in the message after signature invalidates the
signature. Furthermore, there is no efficient way to modify a
message and its signature to produce a new message with a

valid signature, because this is still considered to be

computationally infeasible by most cryptographic hash
functions .
Non-repudiation
Non-repudiation, or more specifically non-repudiation of origin,
is an important aspect of digital signatures. By this property, an
entity that has signed some information cannot at a later time
deny having signed it. Similarly, access to the public key only
does not enable a fraudulent party to fake a valid signature.

ADVANTAGES OF DIGITAL SIGNATURES

The following are the main benefits of using digital signatures:

Speed: Businesses no longer have to wait for paper

documents to be sent by courier. Contracts are easily written,
completed, and signed by all concerned parties in a little
amount

of

time

no

matter

how

far

the

parties

are

geographically.

Costs:

Using

postal

or

courier

services

for

paper

documents is much more expensive compared to using digital

signatures on electronic documents.

Security: The use of digital signatures and electronic

documents reduces risks of documents being intercepted, read,
destroyed, or altered while in transit.

Authenticity: An electronic document signed with a digital

signature can stand up in court just as well as any other signed
paper document.

Tracking: A digitally signed document can easily be

tracked and located in a short amount of time.

Non-Repudiation: Signing an electronic document digitally

identifies you as the signatory and that cannot be later denied.

Imposter prevention: No one else can forge your digital

signature or submit an electronic document falsely claiming it
was signed by you.

Time-Stamp: By time-stamping your digital signatures, you

will clearly know when the document was signed.

DISADVANTAGES OF DIGITAL SIGNATURES

Just like all other electronic products, digital signatures have
some disadvantages that go with them. These include:

Expiry: Digital signatures, like all technological products,

are highly dependent on the technology it is based on. In this
era of fast technological advancements, many of these tech
products have a short shelf life.

Certificates: In order to effectively use digital signatures,

both senders and recipients may have to buy digital certificates
at a cost from trusted certification authorities.

Software: To work with digital certificates, senders and

recipients have to buy verification software at a cost.

Law: In some states and countries, laws regarding cyber

and technology-based issues are weak or even non-existent.
Trading in such jurisdictions becomes very risky for those who
use digitally signed electronic documents.

Compatibility: There are many different digital signature

standards and most of them are incompatible with each other
and this complicates the sharing of digitally signed documents.

B.R.C.M COLLEGE OF BUSINESS

ADMINISTRATION
ASSIGNMENT I
COMPUTER APPLICATION IV

S.Y B.B.A

DIV- III

NAME: JWALANT SINGH KHENGER

ROLL NO: 206

RIDHIMA SARAF

: 210

SALONI SHAH

: 220

RENU SHARMA

: 226

POOJAN ZAVERI

: 253

TOPIC: DIGITAL SIGNATURE

SUBMITTED TO: MRS. PAYAL SAXENA

SUBMISSION DATE: 21 FEBRUARY, 2015