SlideShare une entreprise Scribd logo

Digital signature

Télécharger en tant que DOCX, PDF
G
gajerachetan

A digital signature provides authentication of the sender, integrity of the document, and non-repudiation by using public key cryptography. It consists of a signing process, where the document is hashed and the hash is encrypted with the private key and attached to the original document. In verification, the signature is decrypted with the public key and compared to a newly generated hash of the document to validate authenticity. Digital signatures are commonly used for legally binding electronic documents and communications to establish trust between parties.

1  sur  5
DIGITAL SIGNATURE A digital signature is an electronic signature that can be usedto authenticate the identity of the sender of a message or thesigner of a document, and possibly to ensure that the originalcontent of the message or document that has been sent isunchanged. Why use certificate signatures? Many business transactions, including financial, legal, and other regulated transactions, require high assurance when signing documents. When documents are distributed electronically, it is important that recipients can: Verify document authenticity – confirming the identity of each person who signed the document Verify document integrity – confirming that the document has not been altered in transit Certificate-based signatures provide both of these security services. Many businesses and governments have chosen to set up a certificate-based digital signature infrastructure within their organization – using third party certificate authorities to provide independent identity validation. Examples include: Pharmaceutical companies who need to use signatures that comply with the SAFE (Signatures & Authentication For Everyone) BioPharma industry standard Companies in the European Union who need to comply with the ETSI PAdES standard (PDF Advanced Electronic Signatures) Other reasons why more and more organizations choose to use this type of digital signatures include: 1. Saving money. The electronic signing method eliminates the cost of paper, printing, and courier services. 2. Document integrity. Organizations that publish/release any kind of PDF material on the internet can now be assured that the PDF documents will not be modified in any way to alter the organization’s brand or credibility. 3. Work efficiency. Handling a document electronically (clicking a button or entering a password) is way faster than circulating it through interoffice mail or courier. A digital signature scheme typically consists of three algorithms: * A key generation algorithm that selects a private keyuniformly at random from a set of possible private keys.The algorithm outputs the private key and a corresponding public key. * A signing algorithm that, given a message and a privatekey, produces a signature. * A signature verifying algorithm that, given a message,public key and a signature, either accepts or rejects themessage's claim to authenticity.
Two main properties are required: 1. a signature generated from a fixed message and fixed privatekey should verify the authenticity of that message by using thecorresponding public key. 2. it should be computationally infeasible to generate a validsignature for a party who does not possess the private key. HOW DIGITAL SIGNATURE WORKS: There are two processes in digital signatures: 1. signing process - In this process, data is convertedinto hash by using hash function then this hash isencrypted by using signer's private key and then this isattached to the data and send. 2.verification - In this process, digital signature areverified. First, digitally signed data is split into dataand signature. then data is converted into hash andsimultaneously signature isdecrypted using signer's publickey. if both hash are same then the digital signatures areverified. Below are some common reasons for applying a digital signature tocommunications:
1. Authentication Digital signatures can be used to authenticate the source ofmessages. When ownership of a digital signature secret key is bound to aspecific user, a valid signature shows that the message was sentby that user. The importance of high confidence in sender authenticity isespecially obvious in a financial context. For example, suppose a bank's branch office sends instructions tothe central office requesting a change in the balance of anaccount. If the central office is not convinced that such a message istruly sent from an authorized source, acting on such a requestcould be a grave mistake. 2. Integrity In many scenarios, the sender and receiver of a message may havea need for confidence that the message has not been alteredduring transmission. Although encryption hides the contents of a message, it may bepossible to change an encrypted message without understanding it. However, if a message is digitally signed, any change in themessage after signature will invalidate the signature. Furthermore, there is no efficient way to modify a message andits signature to produce a new message with a valid signature,because this is still considered to be computationally infeasibleby most cryptographic hash functions. 3.Non-repudiation Non-repudiation, or more specifically non-repudiation of origin,is an important aspect of digital signatures. By this property an entity that has signed some informationcannot at a later time deny having signed it. Similarly, access to the public key only does not enable afraudulent party to fake a valid signature. This is in contrast to symmetric systems, where both sender andreceiver share the same secret key,and thus in a dispute a third party cannot determine which entitywas the true source of the information The components that a digital signature comprise of. 1. Your public key: This is the part that any one can get a copy of and is part of the verification system. 2. Your name and e-mail address: This is necessary for contact information purposes and to enable the viewer to identify the details.
3. Expiration date of the public key: This part of the signature is used to set a shelf life and to ensure that in the event of prolonged abuse of a signature eventually the signature is reset. 4. Name of the company: This section identifies the company that the signature belongs too. 5. Serial number of the Digital ID: This part is a unique number that is bundled to the signature for tracking ad extra identification reasons. 6. Digital signature of the CA (certification Authority): This is a signature that is issued by the authority that issues the certificates. Figure A User A is depicted above and has two keys a public key, this key is available to the public for download, and a private key, this key is not available to the public. All keys are used to lock the information in an encrypted mode. The same keys are required to decrypt the data. Another user can encrypt the data using users A’s Public Key. User A will use the Private Key to decrypt the message. Without user A’s Private Key the data can not be decrypted. Figure B below depicts the encryption method and decryption method and witch keys are used. Figure B
Digital signature can be used to make document e-mails and other data private. Big brother is out there and choosing a high encryption mechanism ensures that any one attempting to decrypt the data would find it unviable to attempt decryption. User A’s machine digests the data into a simple string of code after user A’s software has encrypted the message digest with his private key. The result is the digital signature. User A’s software then appends the digital signature to document. All of the data that was hashed has been signed. User A then passes the digitally signed document to user B. First user B’s software decrypts the signature, using User A’s public key then changing it back into a message digest. After the decryption if it has decrypted the data to digest level then verifies that user A in fact did sign the data. To stop fraud certificate authorities have been introduced. Certificate authorities can sign User A’s public key, ensuring that no one else uses Bobs information or impersonated his key. If a user is uncertain of the digital signature it is possible to verify the digital signature with the certificate authority. Signatures can also be revoked if they are abused or if it is suspected that they are abused. When a digital signature is compromised the user that suspects that the certificate is compromised should report the incident to the certificate authority.

Recommandé

Digital signatures
Digital signaturesDigital signatures
Digital signatures
atuljaybhaye
 
D.Silpa
D.SilpaD.Silpa
D.Silpa
st anns PG College,Mallapur,Hyderabad, India
 
Digital signature
Digital signatureDigital signature
Digital signature
Yash Karanke
 
Electronic signature
Electronic signatureElectronic signature
Electronic signature
Melwin Mathew
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
Rahul Yadav
 
Creation & Verification of Digital Signature using Digisigner
Creation & Verification of Digital Signature using DigisignerCreation & Verification of Digital Signature using Digisigner
Creation & Verification of Digital Signature using Digisigner
Palash Mehar
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
Ehtisham Ali
 
Digital signature
Digital signatureDigital signature
Digital signature
Hossain Md Shakhawat
 

Recommandé

Digital signatures
Digital signaturesDigital signatures
Digital signatures
atuljaybhaye
 
D.Silpa
D.SilpaD.Silpa
D.Silpa
st anns PG College,Mallapur,Hyderabad, India
 
Digital signature
Digital signatureDigital signature
Digital signature
Yash Karanke
 
Electronic signature
Electronic signatureElectronic signature
Electronic signature
Melwin Mathew
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
Rahul Yadav
 
Creation & Verification of Digital Signature using Digisigner
Creation & Verification of Digital Signature using DigisignerCreation & Verification of Digital Signature using Digisigner
Creation & Verification of Digital Signature using Digisigner
Palash Mehar
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
Ehtisham Ali
 
Digital signature
Digital signatureDigital signature
Digital signature
Hossain Md Shakhawat
 
Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2
Ankita Dave
 
Protection on cyber fraud
Protection on cyber fraudProtection on cyber fraud
Protection on cyber fraud
BUSINESS SOFTWARES & SOLUTIONS
 
Digital signature
Digital signatureDigital signature
Digital signature
Abdullah Khosa
 
Electronic signature
Electronic signatureElectronic signature
Electronic signature
Sonu Mishra
 
Digital signature Brief Introduction
Digital signature Brief IntroductionDigital signature Brief Introduction
Digital signature Brief Introduction
Ganesh Kothe
 
Ds over
Ds overDs over
Ds over
jolly9293
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
Sumanth Paramesh
 
It act
It actIt act
It act
Yogesh Thawait
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)
Soham Kansodaria
 
Digital signature
Digital signatureDigital signature
Digital signature
Mohanasundaram Nattudurai
 
Digital certificates
Digital certificates Digital certificates
Digital certificates
Sheetal Verma
 
Dsc ppt
Dsc pptDsc ppt
Dsc ppt
Earnlogicconsultants
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
nayakslideshare
 
C08 crypto-digital signature13
C08 crypto-digital signature13C08 crypto-digital signature13
C08 crypto-digital signature13
ravik09783
 
Digital certificate & signature
Digital certificate & signatureDigital certificate & signature
Digital certificate & signature
Netri Chowdhary
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
Simmi Kamra
 
Digital signature
Digital signatureDigital signature
Digital signature
AJAL A J
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI Infrastructure
Shubham Sharma
 
What is Digital Signature, Digital Signature FAQ - eMudhra
What is Digital Signature, Digital Signature FAQ - eMudhraWhat is Digital Signature, Digital Signature FAQ - eMudhra
What is Digital Signature, Digital Signature FAQ - eMudhra
eMudhra dsc
 
Digital Signatdsbuisduifhudosffdosfure.pptx
Digital Signatdsbuisduifhudosffdosfure.pptxDigital Signatdsbuisduifhudosffdosfure.pptx
Digital Signatdsbuisduifhudosffdosfure.pptx
MuthuvasanSR
 
Digital Signature in Indian Evidence act .pptx
Digital Signature in Indian Evidence act .pptxDigital Signature in Indian Evidence act .pptx
Digital Signature in Indian Evidence act .pptx
9jz8vgkshv
 
Presentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesPresentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificates
Vivaka Nand
 

Contenu connexe

Tendances

Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2
Ankita Dave
 
Digital signature Brief Introduction
Digital signature Brief IntroductionDigital signature Brief Introduction
Digital signature Brief Introduction
Ganesh Kothe
 
Digital certificates
Digital certificates Digital certificates
Digital certificates
Sheetal Verma
 
Digital certificate & signature
Digital certificate & signatureDigital certificate & signature
Digital certificate & signature
Netri Chowdhary
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
Simmi Kamra
 

Tendances (19)

Digital signature 2
Digital signature 2Digital signature 2
Digital signature 2
 
Protection on cyber fraud
Protection on cyber fraudProtection on cyber fraud
Protection on cyber fraud
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Electronic signature
Electronic signatureElectronic signature
Electronic signature
 
Digital signature Brief Introduction
Digital signature Brief IntroductionDigital signature Brief Introduction
Digital signature Brief Introduction
 
Ds over
Ds overDs over
Ds over
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
 
It act
It actIt act
It act
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Digital certificates
Digital certificates Digital certificates
Digital certificates
 
Dsc ppt
Dsc pptDsc ppt
Dsc ppt
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
C08 crypto-digital signature13
C08 crypto-digital signature13C08 crypto-digital signature13
C08 crypto-digital signature13
 
Digital certificate & signature
Digital certificate & signatureDigital certificate & signature
Digital certificate & signature
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Digital signature & PKI Infrastructure
Digital signature & PKI InfrastructureDigital signature & PKI Infrastructure
Digital signature & PKI Infrastructure
 
What is Digital Signature, Digital Signature FAQ - eMudhra
What is Digital Signature, Digital Signature FAQ - eMudhraWhat is Digital Signature, Digital Signature FAQ - eMudhra
What is Digital Signature, Digital Signature FAQ - eMudhra
 

Similaire à Digital signature

Digital Signatdsbuisduifhudosffdosfure.pptx
Digital Signatdsbuisduifhudosffdosfure.pptxDigital Signatdsbuisduifhudosffdosfure.pptx
Digital Signatdsbuisduifhudosffdosfure.pptx
MuthuvasanSR
 

Similaire à Digital signature (20)

Digital Signatdsbuisduifhudosffdosfure.pptx
Digital Signatdsbuisduifhudosffdosfure.pptxDigital Signatdsbuisduifhudosffdosfure.pptx
Digital Signatdsbuisduifhudosffdosfure.pptx
 
Digital Signature in Indian Evidence act .pptx
Digital Signature in Indian Evidence act .pptxDigital Signature in Indian Evidence act .pptx
Digital Signature in Indian Evidence act .pptx
 
Presentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesPresentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificates
 
Digital_signature_ppt.pptx
Digital_signature_ppt.pptxDigital_signature_ppt.pptx
Digital_signature_ppt.pptx
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Digital signatures and e-Commerce
Digital signatures and e-CommerceDigital signatures and e-Commerce
Digital signatures and e-Commerce
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Digital signatur
Digital signaturDigital signatur
Digital signatur
 
E business--dig sig
E business--dig sigE business--dig sig
E business--dig sig
 
Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)
 
Digital Signature.pptx
Digital Signature.pptxDigital Signature.pptx
Digital Signature.pptx
 
Digital certificates & its importance
Digital certificates & its importanceDigital certificates & its importance
Digital certificates & its importance
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy Exam
 
Digital Signatures- Learning The Process With Fun
Digital Signatures- Learning The Process With Fun Digital Signatures- Learning The Process With Fun
Digital Signatures- Learning The Process With Fun
 
Digital signatures
Digital signaturesDigital signatures
Digital signatures
 
Ecommerce 27-1.pptx
Ecommerce 27-1.pptxEcommerce 27-1.pptx
Ecommerce 27-1.pptx
 
Digital signature by mohsin iftikhar
Digital signature by mohsin iftikhar Digital signature by mohsin iftikhar
Digital signature by mohsin iftikhar
 
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01CoverSpace : Certificate authority for internal use plus e tax and e-policy01
CoverSpace : Certificate authority for internal use plus e tax and e-policy01
 
Asymmetric Cryptography digital sig.pptx
Asymmetric Cryptography digital sig.pptxAsymmetric Cryptography digital sig.pptx
Asymmetric Cryptography digital sig.pptx
 

Digital signature

  • 1. DIGITAL SIGNATURE A digital signature is an electronic signature that can be usedto authenticate the identity of the sender of a message or thesigner of a document, and possibly to ensure that the originalcontent of the message or document that has been sent isunchanged. Why use certificate signatures? Many business transactions, including financial, legal, and other regulated transactions, require high assurance when signing documents. When documents are distributed electronically, it is important that recipients can: Verify document authenticity – confirming the identity of each person who signed the document Verify document integrity – confirming that the document has not been altered in transit Certificate-based signatures provide both of these security services. Many businesses and governments have chosen to set up a certificate-based digital signature infrastructure within their organization – using third party certificate authorities to provide independent identity validation. Examples include: Pharmaceutical companies who need to use signatures that comply with the SAFE (Signatures & Authentication For Everyone) BioPharma industry standard Companies in the European Union who need to comply with the ETSI PAdES standard (PDF Advanced Electronic Signatures) Other reasons why more and more organizations choose to use this type of digital signatures include: 1. Saving money. The electronic signing method eliminates the cost of paper, printing, and courier services. 2. Document integrity. Organizations that publish/release any kind of PDF material on the internet can now be assured that the PDF documents will not be modified in any way to alter the organization’s brand or credibility. 3. Work efficiency. Handling a document electronically (clicking a button or entering a password) is way faster than circulating it through interoffice mail or courier. A digital signature scheme typically consists of three algorithms: * A key generation algorithm that selects a private keyuniformly at random from a set of possible private keys.The algorithm outputs the private key and a corresponding public key. * A signing algorithm that, given a message and a privatekey, produces a signature. * A signature verifying algorithm that, given a message,public key and a signature, either accepts or rejects themessage's claim to authenticity.
  • 2. Two main properties are required: 1. a signature generated from a fixed message and fixed privatekey should verify the authenticity of that message by using thecorresponding public key. 2. it should be computationally infeasible to generate a validsignature for a party who does not possess the private key. HOW DIGITAL SIGNATURE WORKS: There are two processes in digital signatures: 1. signing process - In this process, data is convertedinto hash by using hash function then this hash isencrypted by using signer's private key and then this isattached to the data and send. 2.verification - In this process, digital signature areverified. First, digitally signed data is split into dataand signature. then data is converted into hash andsimultaneously signature isdecrypted using signer's publickey. if both hash are same then the digital signatures areverified. Below are some common reasons for applying a digital signature tocommunications:
  • 3. 1. Authentication Digital signatures can be used to authenticate the source ofmessages. When ownership of a digital signature secret key is bound to aspecific user, a valid signature shows that the message was sentby that user. The importance of high confidence in sender authenticity isespecially obvious in a financial context. For example, suppose a bank's branch office sends instructions tothe central office requesting a change in the balance of anaccount. If the central office is not convinced that such a message istruly sent from an authorized source, acting on such a requestcould be a grave mistake. 2. Integrity In many scenarios, the sender and receiver of a message may havea need for confidence that the message has not been alteredduring transmission. Although encryption hides the contents of a message, it may bepossible to change an encrypted message without understanding it. However, if a message is digitally signed, any change in themessage after signature will invalidate the signature. Furthermore, there is no efficient way to modify a message andits signature to produce a new message with a valid signature,because this is still considered to be computationally infeasibleby most cryptographic hash functions. 3.Non-repudiation Non-repudiation, or more specifically non-repudiation of origin,is an important aspect of digital signatures. By this property an entity that has signed some informationcannot at a later time deny having signed it. Similarly, access to the public key only does not enable afraudulent party to fake a valid signature. This is in contrast to symmetric systems, where both sender andreceiver share the same secret key,and thus in a dispute a third party cannot determine which entitywas the true source of the information The components that a digital signature comprise of. 1. Your public key: This is the part that any one can get a copy of and is part of the verification system. 2. Your name and e-mail address: This is necessary for contact information purposes and to enable the viewer to identify the details.
  • 4. 3. Expiration date of the public key: This part of the signature is used to set a shelf life and to ensure that in the event of prolonged abuse of a signature eventually the signature is reset. 4. Name of the company: This section identifies the company that the signature belongs too. 5. Serial number of the Digital ID: This part is a unique number that is bundled to the signature for tracking ad extra identification reasons. 6. Digital signature of the CA (certification Authority): This is a signature that is issued by the authority that issues the certificates. Figure A User A is depicted above and has two keys a public key, this key is available to the public for download, and a private key, this key is not available to the public. All keys are used to lock the information in an encrypted mode. The same keys are required to decrypt the data. Another user can encrypt the data using users A’s Public Key. User A will use the Private Key to decrypt the message. Without user A’s Private Key the data can not be decrypted. Figure B below depicts the encryption method and decryption method and witch keys are used. Figure B
  • 5. Digital signature can be used to make document e-mails and other data private. Big brother is out there and choosing a high encryption mechanism ensures that any one attempting to decrypt the data would find it unviable to attempt decryption. User A’s machine digests the data into a simple string of code after user A’s software has encrypted the message digest with his private key. The result is the digital signature. User A’s software then appends the digital signature to document. All of the data that was hashed has been signed. User A then passes the digitally signed document to user B. First user B’s software decrypts the signature, using User A’s public key then changing it back into a message digest. After the decryption if it has decrypted the data to digest level then verifies that user A in fact did sign the data. To stop fraud certificate authorities have been introduced. Certificate authorities can sign User A’s public key, ensuring that no one else uses Bobs information or impersonated his key. If a user is uncertain of the digital signature it is possible to verify the digital signature with the certificate authority. Signatures can also be revoked if they are abused or if it is suspected that they are abused. When a digital signature is compromised the user that suspects that the certificate is compromised should report the incident to the certificate authority.