Digital Signatures – Key Pair Management
The secure use of digital signatures depends on the management of an entity’s digital signature key pair as follows:
1. The validity of the domain parameters shall be assured before the generation of the key pair, or the verification and validation of a digital signature.
2. Each key pair shall be associated with the domain parameters under which the key pair was generated.
3. Key pairs shall only be utilized to generate and verify signatures using their associated domain parameters.
4. The private key shall be utilized only for signature generation and shall be kept secret; the public key shall be utilized exclusively for signature verification and may be made public.
5. An intended signatory shall have assurance of ownership of the private key before or concurrently with using it to generate a digital signature.
6. A private key shall be protected from unauthorized access, disclosure and alteration.
7. A public key shall be protected from unauthorized modification (including substitution). For example, public key certificates that are signed by a Certification Authority may provide such protection.
8. A verifier shall be assured of a binding between the public key, its associated domain parameters and the key pair owner.
9. A verifier shall obtain public keys in a trusted manner (for instance, from a certificate signed by a Certification Authority that the entity trusts, or directly from the intended or claimed signatory, provided that the entity is trusted by the verifier and can be authenticated as the source of the signed data that’s to be verified).
10. Verifiers shall be assured that the claimed signatory is the key pair owner, and that the owner possessed the private key that was utilized to generate the digital signature at the time that the signature was generated (that is, the private key that’s associated with the public key that will be utilized to verify the digital signature).
11. A signatory and a verifier shall have assurance of the validity of the public key.
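As an added example (not part of the original post), the following Go program shows what items 2, 3, 7 and 11 look like on the verifier's side: a received public key is checked for association with the accepted domain parameters and for validity as a curve point before it is ever used to verify a signature. It uses only the Go standard library; the policy that P-256 is the sole accepted curve, the function names, and the sample message are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

var acceptedCurve = elliptic.P256() // verifier policy (assumption): the only accepted domain parameters
var errCurveMismatch = errors.New("public key is not bound to the accepted domain parameters")
var errInvalidPoint = errors.New("public key is not a valid point on the accepted curve")

func digest(msg []byte) []byte { d := sha256.Sum256(msg); return d[:] } // SHA-256 of msg
// validatePublicKey gives the verifier assurance of the key before use: it must carry the accepted
// domain parameters (items 2, 3) and be a point on that curve (item 11); a substituted or
// corrupted key (item 7) is therefore rejected with an explicit reason, not a silent failure.
func validatePublicKey(pub *ecdsa.PublicKey) error {
	if pub == nil || pub.Curve == nil || pub.Curve.Params().Name != acceptedCurve.Params().Name {
		return errCurveMismatch
	}
	if pub.X == nil || pub.Y == nil || !acceptedCurve.IsOnCurve(pub.X, pub.Y) {
		return errInvalidPoint
	}
	return nil
}

// verifySigned runs the key checks first, then verifies an ASN.1-encoded ECDSA signature over msg.
func verifySigned(pub *ecdsa.PublicKey, msg, sig []byte) error {
	if err := validatePublicKey(pub); err != nil {
		return err
	}
	if !ecdsa.VerifyASN1(pub, digest(msg), sig) {
		return errors.New("signature does not verify under this public key")
	}
	return nil
}

func main() {
	msg := []byte("constructed sample message")
	priv, _ := ecdsa.GenerateKey(acceptedCurve, rand.Reader) // key pair generated under the accepted parameters
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, digest(msg))
	other, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) // key pair under different domain parameters
	altered := priv.PublicKey                                   // copy with one coordinate changed, as a substituted key might look
	altered.X = new(big.Int).Add(altered.X, big.NewInt(1))
	fmt.Println(verifySigned(&priv.PublicKey, msg, sig), verifySigned(&other.PublicKey, msg, sig), verifySigned(&altered, msg, sig))
}
```

The genuine key verifies (nil error); the P-384 key is refused for not matching the accepted domain parameters, and the altered key is refused as an invalid point, each before any signature arithmetic is attempted.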
8 Responses to “Digital Signatures – Key Pair Management”
Can somebody tell me whether XML Digital Signature elements are user defined elements or predefined ones?
predefined
What is X.509?
It is a standard and provides two means to bind information to certificates:
1. Certificate Policy
2. Certification Practice Statement
What is a Certificate Policy?
A Certificate Policy (CP) essentially is a unique, registered Object Identifier (OID), which can be included in the certificate.
What is PKI?
PKI refers to the technology, infrastructure, and practices that support the implementation and operation of a certificate-based public key cryptographic system. The system uses a pair of mathematically related keys — called a private key and a public key — to encrypt and decrypt confidential information and to generate and verify digital signatures.
interesting post
a very good article about Digital Signatures – Key Pair Management