Lex Cyber - Cyber Law Portal

Digital Signatures

By garima, on 07-10-2007 11:56


Published in : Articles, Cyber Security


Digital signatures are used to replace the need for a handwritten signature to establish the authenticity of many legal, financial and other documents.

Need for digital signatures



With the advent of the internet age, where transactions are done online, there was a strongly felt need for a secure mode of communication that gives the same assurance as the authenticity and integrity of signature-based paper transactions.

The online system needs the following traits to develop faith and reliability in the online paperless world:
i) The receiver can verify the claimed identity of the sender, the equivalent of establishing the authenticity and identity of the sender on paper.
ii) The sender cannot repudiate the contents of the message, the equivalent of a witness who proves the authenticity of the transaction.
iii) The receiver cannot possibly have modified the message himself, the equivalent of the contents of a signed and sealed document on paper, i.e. integrity is maintained.

Example


Imagine a situation where a customer instructs a bank over the internet to buy a ton of gold.

The first requirement, establishing the identity of the sender, is important so that the bank correctly identifies the customer whose account is to be debited.

The second requirement is needed to protect the interests of the bank against fraud.
For instance, if the price of gold drops, a dishonest customer could disclaim his
order. With this requirement in place, if the bank produces the customer's order
message, he cannot deny having sent it.

The third requirement is needed to protect the interests of the customer against fraud.
For instance, if the price of gold goes up, a dishonest banker could modify the order
to say that the customer ordered only a bar of gold instead of a ton. With this
requirement in place, if the customer moves court he can produce his order message,
which should have evidentiary effect equivalent to an order on paper.

Thus, a solution had to be devised for computerized message systems to replace the
physical transport of paper and ink documents and to provide the authenticity of
financial, legal and other documents that is otherwise determined by the presence
or absence of an authorized handwritten signature.

The solution devised to solve the above issues is the use of Digital Signatures.

What are Digital Signatures



A digital signature is a special case of a message integrity code, where only one
participant can have generated the code.
It is a methodology used to provide authenticity and integrity, and it can provide a means to verify the identity of the sender.

The simplest digital signature algorithm is the RSA signature. In brief, it uses public key cryptography, in which two keys, a public key and a private key, are used
for the encryption and decryption of messages.
The public key is used to encrypt the original message and the private key is used to
decrypt it and recover the original message.

Note



It is not a signature in the sense of a sign, the term used in common parlance. It is
not to be confused with a special mark or a scanned copy of a signature.

Implementation of Digital Signatures



It is easier to understand the implementation of digital signatures with the help of
an example: say Santa wants to send a confidential message to Banta over the
internet.

The requisites of the digital signature are:
1. Confidentiality : The message should be sent in encrypted form to maintain
confidentiality, so that anyone except Banta (Receiver) who snoops on the message
during transit over the internet is unable to extract it.
2. Verification of identity of Sender : It should provide a means for Banta (Receiver)
to verify that the message was sent by Santa (Originator/Sender) and not by an
impostor impersonating him.
3. Integrity : It should provide a means to verify that the message has not been
modified and is exactly the same as it was sent by the originator/sender.

Implementation of Digital Signature for sending the message:

Step I : Santa (Originator/Sender) runs his message through an algorithm called a
hash function, which produces a number called the "Message Digest".
The Message Digest acts as a sort of "digital fingerprint" that Banta (Receiver)
will use to ensure that the message has not been altered.

Step II : Santa uses his private key to encrypt the Message Digest.
This produces a unique digital signature that only he, with his private key, could
have created.

Step III : Santa generates a new random key. He uses this key to encrypt the
original message and his digital signature.
Banta will require a copy of this random key to decrypt Santa's message.

The random key is the only key in the world that can decrypt the message, and at
this point it is available only to Santa.

Step IV :
Santa encrypts this new random key with Banta's Public key.
This encrypted random key is called the "Digital Envelope".
Only Banta will be able to decrypt the random key, using his Private Key, as it was
encrypted with his Public Key and only Banta possesses his Private Key.

Step V: Santa sends a message to Banta over the internet that is comprised of
several parts:
1. Encrypted confidential message
2. Encrypted Digital Signature
3. Encrypted Digital Envelope

Implementation of Digital Signature on receiving the message:

Step I : Banta decrypts the digital envelope with his Private Key and thus obtains
the Random key that Santa used to encrypt the message.

Step II : Banta now uses the Random key to decrypt Santa's message.
Thus Banta obtains the message, and the confidentiality of the message has been maintained.

Step III : To establish the integrity of the message, Banta now uses the Random key
obtained in Step I and Santa's Public key to decrypt the Digital Signature, thus
obtaining Santa's Message Digest (digital fingerprint).

Now Banta takes the message that he decrypted and runs it through the same
algorithm, the hash function, to produce a new message digest.
He then compares the new message digest with the previous one. If they match, it
establishes that the message was not altered and that it was signed by Santa (Originator/Sender).

If they do not match, it establishes that either the message was altered or it was
not signed by Santa (Originator/Sender).
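The sending and receiving procedures above, as an added example written for this article and not part of the original: Santa's five sending steps and Banta's three receiving steps in Go, using only the standard library. The Send and Receive names, the key sizes, and the concrete algorithms (SHA-256 as the hash function, RSA PKCS#1 v1.5 for the signature, AES-256-GCM under the random key, RSA-OAEP for the digital envelope) are my own choices, since the article names none.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope is what Santa sends in Step V: signature and message sealed under the random key, plus the digital envelope.
type Envelope struct{ Nonce, Ciphertext, SealedKey []byte }
func aead(key []byte) cipher.AEAD { // AES-256-GCM keyed with the random key (assumed cipher, not from the article)
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Send carries out the sender's Steps I to V.
func Send(msg []byte, santa *rsa.PrivateKey, bantaPub *rsa.PublicKey) (Envelope, error) {
	digest := sha256.Sum256(msg)                                       // Step I: hash the message into a digest
	sig, err := rsa.SignPKCS1v15(nil, santa, crypto.SHA256, digest[:]) // Step II: sign the digest with the PRIVATE key
	key, nonce := make([]byte, 32), make([]byte, 12)                   // Step III: fresh random key (and GCM nonce)
	rand.Read(key)                                                     // crypto/rand aborts instead of returning an error
	rand.Read(nonce)
	ct := aead(key).Seal(nil, nonce, append(sig, msg...), nil)                     // signature + message under the random key
	sealed, err2 := rsa.EncryptOAEP(sha256.New(), rand.Reader, bantaPub, key, nil) // Step IV: digital envelope
	return Envelope{nonce, ct, sealed}, errors.Join(err, err2)
}

// Receive carries out the receiver's Steps I to III; a non-nil error means the message must be rejected.
func Receive(env Envelope, banta *rsa.PrivateKey, santaPub *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, banta, env.SealedKey, nil) // Step I: open the envelope with the private key
	if err != nil || len(key) != 32 {
		return nil, errors.New("digital envelope could not be opened")
	}
	plain, err := aead(key).Open(nil, env.Nonce, env.Ciphertext, nil) // Step II: decrypt with the random key
	n := santaPub.Size()                                              // an RSA signature is exactly one modulus long
	if err != nil || len(plain) < n {
		return nil, errors.New("ciphertext altered in transit or malformed")
	}
	sig, msg := plain[:n], plain[n:]
	digest := sha256.Sum256(msg) // Step III: recompute the digest and compare it with the signed one
	if err := rsa.VerifyPKCS1v15(santaPub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("digest mismatch: message altered or not signed by Santa")
	}
	return msg, nil
}
```

A signature produced under any key other than Santa's fails the Step III comparison, so an impostor's message is rejected even though it decrypts correctly; the GCM authentication tag additionally rejects ciphertext altered in transit before the digests are compared.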





Last update : 13-10-2007 19:05

   