Digital signatures are used to verify the authenticity and integrity of digital messages or documents. They are generated using public key cryptography with a private key and can be verified by anyone using the corresponding public key. A digital signature encodes the hash of a message with the sender's private key, allowing the recipient to verify that the message was sent by the claimed sender and was not altered.
2. Need for digital signatures
Digital signatures are used to digitally sign messages or objects.
Ensuring message content integrity
The signature is appended at the end of the message before transmission. If an
encrypted message is tampered with, the digital signature becomes invalid.
Verifying the authenticity of the message sender
A digital signature ensures that an encrypted message cannot be deciphered by
unintended recipients
3. What is a Digital Signature made up of?
Digital signatures are generated by Public Key Cryptography using public and private
keys to encrypt and decrypt messages.
Public key
Private key
4. Comparing Digital signatures with message digest?
A message digest is a fixed-length result of converting the contents
of a message into a hash, like a cyclic redundancy check.
A message digest is appended at the end of a message and
transmitted to validate the contents of the original message.
A digital signature differs from a simple message digest in:
A message digest alters the content of a message into a fixed length result. The
original message content cannot be recovered from digest.
A message digest does not provide secrecy but a digital signature is encrypted.
7. Drawbacks of digital signatures
Non-Repudiation
If the sender loses its private key, the authenticity of all messages with digital
signatures made using that key is compromised.
Time Stamping
Digital signatures do not contain any record of the date and time when a particular document was
signed.
8. Standards and Features of Digital Certificates
A Digital Certificate is a data structure with a digital signature.
The data structure also contains information like the public key,
identity of the key owner and name of certification authority who guarantees
the authenticity of the key owner.
A signature is viewed as trusted when it is generated by a
Certification Authority (CA) since digitally signed data cannot be altered
without detection.
Two types of certification standards:
X.509
PGP (Pretty Good Privacy)
14. Digital Keys and Key Store
A digital key is a kind of password or passphrase used in
cryptography calculations.
A file containing a collection of public and private keys is known as a
keystore.
A keystore not only stores the user's certificate with its public and
private keys but also stores others' certificates with their public keys.
16. Verification of Digital Certificate
The recipient receives a signed JAR file and a certificate file
containing the public key corresponding to the private key used to sign the
JAR file.
Import the certificate as a Trusted Certificate
Verify the JAR file Signature
The imported public key certificate is used to verify
19. Generating public and private keys
A key pair is generated by using the KeyPairGenerator class.
Create a Key-Pair Generator
Initialize the Key-Pair generator
20. Digitally signing the data
Get a Signature Object
Initialize the Signature Object
Supply the data to be Signed to the Signature Object
Generate the Signature
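The key-generation and signing steps from slides 19 and 20, followed by verification with the public key, as an added example that is not part of the original slides. RSA 2048 with SHA256withRSA, the class name SignVerifyDemo and the sample message are assumptions; the slides name no algorithm.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;

public class SignVerifyDemo {
    // Algorithm choices are assumptions for this example; the slides name none.
    private static final String KEY_ALG = "RSA";
    private static final String SIG_ALG = "SHA256withRSA";

    static KeyPair generateKeyPair() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KEY_ALG); // create a key-pair generator
        kpg.initialize(2048, new SecureRandom());                     // initialize the generator
        return kpg.generateKeyPair();
    }

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(SIG_ALG); // get a Signature object
        s.initSign(key);                              // initialize it with the private key
        s.update(data);                               // supply the data to be signed
        return s.sign();                              // generate the signature
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance(SIG_ALG);
        s.initVerify(key);                            // verification needs only the public key
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair signer = generateKeyPair();
        byte[] message = "transfer 100 to account 42".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] sig = sign(signer.getPrivate(), message);

        byte[] tampered = message.clone();
        tampered[9] ^= 0x01; // flip one bit of the signed content

        System.out.println("original verifies:  " + verify(signer.getPublic(), message, sig));
        System.out.println("tampered verifies:  " + verify(signer.getPublic(), tampered, sig));
        System.out.println("wrong key verifies: " + verify(generateKeyPair().getPublic(), message, sig));
    }
}
```

Only the unmodified message checked against the signer's own public key should verify; the tampered copy and the unrelated public key should both be rejected.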