Advertisment

Digital Signatures

author-image
CIOL Bureau
Updated On
New Update

The Internet is being increasingly used for transferring sensitive information. These

may be private e-mail messages, legally binding documents, and active content like

JavaScript programs, ActiveX controls, and Java applets. Publishers of Web content need a

way to authenticate their work, and consumers need some way to verify the source.

Advertisment

Just as a person’s signature makes an official document authentic, a digital

signature acts as a stamp of authentication for digital data content. Before you can

digitally sign a document, you have to understand the elements involved, namely, the

private key, public key, and hash codes.

Dual key system



To encrypt or decrypt a file, one needs a cryptographic key. In symmetric
cryptography, the sender and receiver agree upon one key, and use it to send encrypted

messages. The main problem here is that they must exchange keys in secrecy, and also trust

each other to keep it secret.

Asymmetric cryptography is more practical. It involves the use of two keys -- a public

key and a private key. The private key is known only to the sender, while the public key

may be freely distributed. Both keys are mathematically related, but it is not easy to

calculate one given the other very easily. 

Advertisment

Certifying data integrity



The hash value of a document is an important element to certify and verify
its integrity. This is computed using an encryption software. The hash is not an encrypted

version of the document, but only unique mathematical "summary". It may only be

a few bytes long irrespective of how large the original document is. It is virtually

impossible for two different documents to ever have the same hash.

A good hashing algorithm is one that will produce a completely different hash even if

the document changes minutely (say, you change one letter in a megabyte-size report).

Thus, a document's hash is its stamp of data integrity. On reaching its destination, the

hash will be recalculated and compared with the old one. If nothing untowardly happened in

transit, the two values ought to match.

Signing a message



To digitally sign a document or message, its hash value is computed first. Then the
message and its hash are encrypted together using the sender's private key.

Advertisment

The recipient uses the sender's public key to decrypt the incoming message and the

hash. This hash is compared with a freshly computed hash. If they match, data integrity is

verified.

The encrypted hash is the digital signature. It serves a dual purpose. Firstly, the

recipient can be sure of the sender's identity because it was encrypted using the private

key (which only the sender possesses). Secondly, there can be no doubt over whether the

message was corrupted or tampered in transit.

Digital certificates



The public-private key pair plays an important role in the exchange of authentic
documents over untrusted networks. Users can either generate their own key pair using key

generation software like PGP, or ask the network security officer to do it for them.

Advertisment

Once generated, the private key must be preserved in utmost secrecy. The public key,

however, can be distributed freely. Owners can either distribute it themselves, or sign up

with a Certification Authority (CA), who will do it for them. A CA is a trusted

organisation that stores public keys in their directory, and assigns digital

certificates to their clients.

The certificate does not contain any confidential information. It holds general

information about the sender, the object being certified, signature of the CA, and most

importantly, the public key. Although the public key does not have to be distributed with

a certificate, the stamp of the CA makes it more legitimate.   

Applications of digital signatures



Due to digital signatures and certificates, the problem of securing several encrypted
messages now boils down to securing just one private key.

Advertisment

Digital signatures will enable secure and authentic transactions to be carried across

open networks. These may involve authentication of electronic payments, official and legal

communication, sites from which software is downloaded, and in smart cards.

Cryptographic Key
A key is a value applied by a cryptographic algorithm to

encrypt or decrypt a file. The key is like a password because without it, an encrypted

file cannot be unlocked. The longer the crypto key, the harder it is to crack.
Hash function
A hash function is a mathematical trans-

formation formula that takes an input of any size, and returns a string of fixed size.

Cryptographic hashing algorithms have certain special requirements:

- No two inputs

can ever have the same hash

- It must be infeasible to compute the original input given the hash

- Even a small change in the input should produce a drastic change in the output

Public-key Encryption
Asymmetric encryption is also used to send encrypted data across open

networks. However, this procedure of using the key pair is quite the opposite.

The

sender encrypts the data using the recipient's public key which is freely available. The

recipient uses the private key to decrypt it. This ensures a (largely) fool-proof method

of keeping private data away from prying eyes.

tech-news