Skip to main content

What is a Digital Signature?

By Vikas Bagwe

What is a Digital Signature?
An introduction to Digital Signatures

Tom


(Tom's public key)

(Tom's private key)
Tom has been given two keys. One of Tom's keys is called a Public Key, the other is called a Private Key.
Tom's Co-workers:



   Anyone can get Tom's Public Key, but Tom keeps his Private Key to himself
Jerry
Henry
Jenny
Tom's Public key is available to anyone who needs it, but he keeps his Private Key to himself. Keys are used to encrypt information. Encrypting information means "scrambling it up", so that only a person with the appropriate key can make it readable again. Either one of Tom's two keys can encrypt data, and the other key can decrypt that data.
Jenny (shown below) can encrypt a message using Tom's Public Key. Tom uses his Private Key to decrypt the message. Any of Tom's coworkers might have access to the message Jenny encrypted, but without Tom's Private Key, the data is worthless.

"Hey Tom, how about lunch at Taco Bell. I hear they have free refills!"
HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A


HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY lxx2lCFHDC/A
"Hey Tom, how about lunch at Taco Bell. I hear they have free refills!"
With his private key and the right software, Tom can put digital signatures on documents and other data. A digital signature is a "stamp" Tom places on the data which is unique to Tom, and is very difficult to forge. In addition, the signature assures that any changes made to the data that has been signed can not go undetected.


To sign a document, Tom's software will crunch down the data into just a few lines by a process called "hashing". These few lines are called a message digest. (It is not possible to change a message digest back into the original data from which it was created.)


Tom's software then encrypts the message digest with his private key. The result is the digital signature.
Finally, Tom's software appends the digital signature to document. All of the data that was hashed has been signed.

Tom now passes the document on to Jerry.
First, Jerry's software decrypts the signature (using Tom's public key) changing it back into a message digest. If this worked, then it proves that Tom signed the document, because only Tom has his private key. Jerry's software then hashes the document data into a message digest. If the message digest is the same as the message digest created when the signature was decrypted, then Jerry knows that the signed data has not been changed.
Plot complication...
Henry (our disgruntled employee) wishes to deceive Jerry. Henry makes sure that Jerry receives a signed message and a public key that appears to belong to Tom. Unbeknownst to Jerry, Henry deceitfully sent a key pair he created using Tom's name. Short of receiving Tom's public key from him in person, how can Jerry be sure that Tom's public key is authentic?
It just so happens that Jenny works at the company's certificate authority center. Jenny can create a digital certificate for Tom simply by signing Tom's public key as well as some information about Tom.

Tom Info:
    Name
    Department
    Cubical Number
Certificate Info:
    Expiration Date
    Serial Number
Tom's Public Key:
         


Now Tom's co-workers can check Tom's trusted certificate to make sure that his public key truly belongs to him. In fact, no one at Tom's company accepts a signature for which there does not exist a certificate generated by Jenny. This gives Jenny the power to revoke signatures if private keys are compromised, or no longer needed. There are even more widely accepted certificate authorities that certify Jenny.
Let's say that Tom sends a signed document to Jerry. To verify the signature on the document, Jerry's software first uses Jenny's (the certificate authority's) public key to check the signature on Tom's certificate. Successful de-encryption of the certificate proves that Jenny created it. After the certificate is de-encrypted, Jerry's software can check if Tom is in good standing with the certificate authority and that all of the certificate information concerning Tom's identity has not been altered.
Jerry's software then takes Tom's public key from the certificate and uses it to check Tom's signature. If Tom's public key de-encrypts the signature successfully, then Jerry is assured that the signature was created using Tom's private key, for Jenny has certified the matching public key. And of course, if the signature is valid, then we know that Henry didn't try to change the signed content.
Although these steps may sound complicated, they are all handled behind the scenes by Jerry's user-friendly software. To verify a signature, Jerry need only click on it.


Labels:

Comments

Anonymous said…
thanks
September 15, 2011 at 3:25 PM
electronic signatures said…
I have seen a number of blogs on this topic of basic definition of digital signatures but I swear that the way you wrote the blog make it most interesting and easy to understand for those who are new to the terms.
September 20, 2011 at 6:55 PM
Post a Comment

Popular posts from this blog

INSTALL CISCO VPN CLIENT ON WINDOWS 10 (32 & 64 BIT). FIX REASON 442

By
This article shows how correctly install Cisco VPN Client (32 & 64 bit) on Windows 10 (32 & 64 bit) using simple steps, overcome the ‘ This app can’t run on this PC ’ installation error , plus fix the Reason 442: Failed to enable Virtual Adapter error message . The article applies to New Windows 10 installations or Upgrades from earlier Windows versions and all versions before or after Windows 10 build 1511 .  To simplify the article, we’ve broken it into the following two sections: How to Install Cisco VPN client on Windows 10 (clean installation or upgrade from previous Windows), including Windows 10 build prior or after build 1511 . How to Fix Reason 442: Failed to enable Virtual Adapter on Windows 10 Figure 1. The Cisco VPN Client Reason 442: Failed to enable Virtual Adapter error on Windows 10 HOW TO INSTALL CISCO VPN CLIENT ON WINDOWS 10 (NEW INSTALLATIONS OR O/S UPGRADES) The instructions below are for new or clean Windows 10 inst...
45 comments
Read more

Linux File and Directory Permissions

By
file & directory protection is a essential of any OS and Linux OS is no exception for it! These authorizations allow you to choose exactly who can access your files & directory, providing an overall improved system security. There was one of the major flaws in the older Windows operating-system where, by standard, all users can see each other people's information (Windows 95, 98, Me). For overcoming it, editions of the Windows based computer system such as NT, 2000, XP and 2003 lot more security features added. They fully support file & directory permissions, just as Linux system has since the beginning. Together, we'll now assess a directory listing from our Lab Linux system hosting server, to help us understand the information provided. a simple 'ls' command will give you the file and directory listing within a given directory, including the option  '-l' will display number of new areas that we are going to discuss here:
Post a Comment
Read more

How to create a Hirens Boot CD 15.2 USB Disk

By
Hiren’s BootCD (HBCD) is a bootable CD that contains a set of tools that can help users to fix their computer if their system fails to boot. More specifically, HBCD contains hardware diagnostic programs, partition tools, data recovery utilities, antivirus tools and many other tools to fix your computer problems.  I write this article because I use Hiren’s BootCD frequently to troubleshoot computer problems, specially when a computer doesn’t boot anymore due to a virus attack or due to a corrupted file system. In this article you will find instructions on how to put Hiren’s BootCD on a USB flash drive (stick) in order to troubleshoot computer problems in the future.
4 comments
Read more