Digital Signature
This post is a part of the Digital Signatures and Computer Security articles series.
Digital signatures are equivalent to conventional handwritten signatures in several respects; properly implemented digital signatures are harder to forge than the handwritten type. A digital signature can be used to provide assurance that the claimed signatory signed the data.
In addition, a digital signature can be used to detect whether or not the data was altered after it was signed (that is, to check the integrity of the signed information). These assurances may be obtained whether the information was received in a transmission or retrieved from storage. A properly implemented digital signature algorithm that meets the requirements of this standard can provide these services.
A digital signature algorithm includes a signature generation process and a signature verification process. A signatory uses the generation process to generate a digital signature on information; a verifier uses the verification process to verify the authenticity of the signature. Each signatory has a public and a private key and is the owner of that key pair.
The private key is used in the signature generation process. The key pair owner is the only entity that is authorized to use the private key to generate digital signatures. To prevent other entities from claiming to be the key pair owner and using the private key to generate fraudulent signatures, the private key must stay secret; that is, the private key must be known only by the key pair owner.
The approved digital signature algorithms are designed to prevent an adversary who doesn’t know the signatory’s private key from generating the same signature as the signatory on a different message. Put differently, signatures are designed so that they can’t be forged.
A number of alternative terms are used in this standard to refer to the signatory or key pair owner. An entity that intends to generate digital signatures in the future may be referred to as the intended signatory. Before the verification of a signed message, the signatory is referred to as the claimed signatory until such time as adequate assurance can be obtained of the actual identity of the signatory.
The public key is used in the signature verification process. The public key need not be kept secret, but its integrity must be maintained. Anyone can verify a correctly signed message using the public key.
For both the signature generation and verification processes, the message (that is, the signed information) is compressed by means of an approved hash function. Both the uncompressed message and the digital signature are made available to a verifier.
A verifier needs assurance that the public key to be used to verify a signature belongs to the entity that claims to have generated a digital signature (i.e., the claimed signatory). That is, a verifier requires assurance that the signatory is the actual owner of the public/private key pair used to generate and verify a digital signature. A binding of an owner’s identity and the owner’s public key shall be effected in order to provide this assurance.
A verifier also requires assurance that the key pair owner actually possesses the associated private key, and that the public key is a mathematically correct key.
By obtaining these assurances, the verifier has assurance that if the digital signature can be correctly verified using the public key, the digital signature is valid (i.e., the key pair owner really signed the message). Digital signature validation includes both the (mathematical) verification of the digital signature and obtaining the appropriate assurances.
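The generation and verification processes described above, as an added example that is not part of the original post: it hashes the message, signs the padded digest with the private key, and verifies with the public key alone. The article names no algorithm, so RSA PKCS #1 v1.5 with SHA-256 is an assumption here, as are the function names and the deliberately weak demo key.

```python
import hashlib
import hmac

# Constructed demo key: the modulus is the product of two public Mersenne
# primes, so it is trivially factorable. Illustration only, never a real key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent d (kept secret)
K = (N.bit_length() + 7) // 8            # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (PKCS #1 v1.5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode(message: bytes) -> int:
    """Hash the message and pad the digest: 00 01 FF..FF 00 || DigestInfo."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def sign(message: bytes, d: int = D) -> bytes:
    """Signature generation: requires the private exponent d."""
    return pow(encode(message), d, N).to_bytes(K, "big")


def verify(message: bytes, signature: bytes) -> bool:
    """Signature verification: needs only the public key and the message."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    # Re-encode the received message and compare whole values instead of
    # parsing the padding, which avoids lenient-parser acceptance bugs.
    recovered = pow(s, E, N).to_bytes(K, "big")
    return hmac.compare_digest(recovered, encode(message).to_bytes(K, "big"))


if __name__ == "__main__":
    msg = b"Pay 100 EUR to account 12345"      # constructed sample message
    sig = sign(msg)
    print("genuine message:", verify(msg, sig))
    print("altered message:", verify(b"Pay 900 EUR to account 12345", sig))
    print("wrong private key:", verify(msg, sign(msg, d=12345)))
```

A `True` result is only the mathematical verification; validation in the article's sense also requires the assurances about who owns the public key.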
10 Responses to “Digital Signature”
What is SSL?
Secure Sockets Layer (SSL) technology is a security protocol.
It is today’s de facto standard for securing communications and transactions across the Internet.
What is the newest version of SSL?
Transport Layer Security (TLS)
What is PKI?
PKI means public key infrastructure. To learn more about PKI, I recommend visiting:
http://www.entrust.com
Can a CA system be attacked?
Yes. The attacks can be:
1) external: collusion, sabotage, disgruntlement, or outright theft by employers
2) internal: internal theft of private keys from employers
What makes a secret key more secure?
The longer the key length, the more secure the encryption. If it is longer, a hacker needs to try more combinations in a brute-force attack.
interesting post
a very good article about Digital Signature