Digital Signature

- By Sanmita Nepal

Digital certificate
Digital Certificate is the attachment to an electronic message used for security purposes. A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificateissuing authority so that a recipient can verify that the certificate is real. The most widely accepted format for digital certificates is defined by the CCITT X.509 international standard. And the most widely used standard for digital certificates is X.509.

Who issue digital signature?

Digital signatures originate from a certificate authority (CA), an organization that claims responsibility for any digital signature it creates.
CAs act as gatekeepers by allowing only people who the organization trusts to create digital signatures. Large CAs like Verisign, whose certificates come preinstalled in many web browsers, enforce validity through large fees.

Definition
A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit.
A digital signature is a type of asymmetric cryptography used to simulate the security properties of a handwritten signature on paper. Digital signature schemes normally give two algorithms,
one for signing which involves the user's secret or private key, one for verifying signatures which involves the user's public key.

Comparison
Physical Signature
Physical signature is just a writing on a paper. Physical signatures can be copied.

Digital Signature
Digital signature encompasses crucial parameters of identification. It is IMPOSSIBLE to copy digital signature.

Physical Signature does not give privacy to the content.

Physical signature cannot protect the content.

Digital signature also enables encryption and thus privacy.

Digital signature protects the content.

Security mechanism of digital signature

 A signature provides authentication of a "message".

Digital signatures are used to create public key infrastructure (PKI) schemes where:
a user's public key is tied to a user by a digital identity certificate issued by a certificate authority. PKI schemes attempt to unbreakably bind user information (name, address, phone number, etc.) to a public key, so that public keys can be used as a form of identification. Digital Signature enforces Authentication , Integration and Non-Repudiation

 A digital signature scheme typically consists of three algorithms:

A key generation algorithm G, that randomly produces a "key pair" (PK, SK) for the signer. PK is the verifying key, which is to be public, and SK is the signing key, to be kept private. A signing algorithm S, that, on input of a message m and a signing key SK, produces a signature . A signature verifying algorithm V, which on input a message m, a verifying key PK, and a signature , either accepts or rejects.

Digital Signatures Schemes

- RSA as a digital signature
Basic RSA signatures are computed as follows: To generate RSA signature keys, one simply generates an RSA key pair. To sign a message m, the signer computes =md mod n. To verify, the receiver checks that m = e mod n. where (e, n) is the public key and (d, n) is the private key.

Digital Vs. Electronic signature

A digital signature is an electronic signature, but an electronic signature is not necessarily a digital signature.
Electronic signatures are scanned copies of a physical written signature. According to the Electronic Signatures Act (full name The Electronic Signatures in Global and National Commerce Act), an electronic or e-signature is any "electronic sound, symbol or process" used to sign an electronic transaction.

A digital signature is a "secure" electronic signature which uses encryption and passwords to protect the integrity of the signature and guarantee the authenticity of the party who signed it.

Where are digital signatures being used?

Digital signatures are commonly used for:
software distribution, financial transactions, in other cases where it is important to detect forgery or tampering. Website development esp in ecommerce sites

Benefits
Fraud Prevention
Authentication Integrity

Challenges
Complication(non computer literates find it very difficult)
High Cost (buying certificates from certification authorities and getting the verification software) Security issues like loss of keys Trusted time stamping

Use of digital signature in ecommerce

Digital signature has emerged as a key enabler of ecommerce
Provides an effective security mechanism for ecommerce. With the rise in online shopping through an ecommerce system , there is also rise in the fraudulent incidents. So, helps safeguard them by ensuring proper authentication and integration. There are a few digital signature authorities that are there to authenticate the ecommerce website.

Digital signature is the signature of an ecommerce website which ensures that the website is authenticated and that it is safe to transact with that website.

Related VIdeos

How to apply digital signature on the emails you send?

The End.