
What Is a Digital Signature?

A digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. Digital signature schemes normally give two algorithms, one for signing which involves the user's secret or private key, and one for verifying signatures which involves the user's public key. The output of the signature process is called the "digital signature."

History
In the famous paper "New Directions in Cryptography", Whitfield Diffie and Martin Hellman first described the notion of a digital signature scheme, although they only conjectured that such schemes existed. Soon afterwards, Ronald Rivest, Adi Shamir, and Len Adleman invented the RSA algorithm, the first scheme for digital signatures. Most early signature schemes were of a similar type: they involve the use of a trapdoor permutation, such as the RSA function, or in the case of the Rabin signature scheme, computing square modulo composite n.

Some digital signature algorithms


Full Domain Hash, RSA-PSS etc., based on RSA
DSA
ECDSA
ElGamal signature scheme
Undeniable signature
SHA (typically SHA-1) with RSA
Rabin signature algorithm
Pointcheval-Stern signature algorithm
Schnorr signature

A digital signature scheme typically consists of three algorithms:

A key generation algorithm G that randomly produces a "key pair" (PK, SK) for the signer. PK is the verifying key, which is to be public, and SK is the signing key, to be kept private.

A signing algorithm S, that on input a message m and a signing key SK, produces a signature.

A signature verifying algorithm V, that on input a message m, a verifying key PK, and a signature, either accepts or rejects.

How Digital Signature Technology Works


Digital signatures are created and verified by cryptography, the branch of applied mathematics that concerns itself with transforming messages into seemingly unintelligible forms and back again. Digital signatures use what is known as "public key cryptography," which employs an algorithm using two different but mathematically related "keys;" one for creating a digital signature or transforming data into a seemingly unintelligible form, and another key for verifying a digital signature or returning the message to its original form. Computer equipment and software utilizing two such keys are often collectively termed an "asymmetric cryptosystem."

The complementary keys of an asymmetric cryptosystem for digital signatures are arbitrarily termed the private key, which is known only to the signer and used to create the digital signature, and the public key, which is ordinarily more widely known and is used by a relying party to verify the digital signature. If many people need to verify the signer's digital signatures, the public key must be available or distributed to all of them, perhaps by publication in an on-line repository or directory where it is easily accessible. Although the keys of the pair are mathematically related, if the asymmetric cryptosystem has been designed and implemented securely

Another fundamental process, termed a "hash function," is used in both creating and verifying a digital signature. A hash function is an algorithm which creates a digital representation or "fingerprint" in the form of a "hash value" or "hash result" of a standard length which is usually much smaller than the message but nevertheless substantially unique to it.

Process
Thus, use of digital signatures usually involves two processes, one performed by the signer and the other by the receiver of the digital signature:

Digital signature creation uses a hash result derived from and unique to both the signed message and a given private key. For the hash result to be secure, there must be only a negligible possibility that the same digital signature could be created by the combination of any other message or private key.

Digital signature verification is the process of checking the digital signature by reference to the original message and a given public key, thereby determining whether the digital signature was created for that same message using the private key that corresponds to the referenced public key.

To sign a document or any other item of information, the signer first delimits precisely the borders of what is to be signed. The delimited information to be signed is termed the "message" in these Guidelines. Then a hash function in the signer's software computes a hash result unique (for all practical purposes) to the message. The signer's software then transforms the hash result into a digital signature using the signer's private key. The resulting digital signature is thus unique to both the message and the private key used to create it. Typically, a digital signature (a digitally signed hash result of the message) is attached to its message and stored or transmitted with its message.

Verification of a digital signature is accomplished by computing a new hash result of the original message by means of the same hash function used to create the digital signature. Then, using the public key and the new hash result, the verifier checks: (1) whether the digital signature was created using the corresponding private key; and (2) whether the newly computed hash result matches the original hash result which was transformed into the digital signature during the signing process. The verification software will confirm the digital signature as "verified" if: (1) the signer's private key was used to digitally sign the message, which is known to be the case if the signer's public key was used to verify the signature because the signer's public key will verify only a digital signature created with the signer's private key; and (2) the message was unaltered, which is known to be the case if the hash result computed by the verifier is identical to the hash result extracted from the digital signature during the verification process.

Benefits of digital signatures


These are common reasons for applying a digital signature to communications:

Authentication

Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context.

Integrity

In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. However, if a message is digitally signed, any change in the message will invalidate the signature.

Drawbacks of digital signatures

Despite their usefulness, digital signatures do not alone solve all the problems we might wish them to.

Non-repudiation

In a cryptographic context, the word repudiation refers to the act of disclaiming responsibility for a message. A message's recipient may insist the sender attach a signature in order to make later repudiation more difficult, since the recipient can show the signed message to a third party (e.g., a court) to reinforce a claim as to its signatories and integrity. However, loss of control over a user's private key will mean that all digital signatures using that key, and so ostensibly 'from' that user, are suspect.

Association of digital signatures and trusted time stamping

Digital signature algorithms and protocols do not inherently provide certainty about the date and time at which the underlying document was signed. The signer might, or might not, have included a time stamp with the signature, or the document itself might have a date mentioned on it, but a later reader cannot be certain the signer did not, Such misuse can be made impracticable by using trusted time stamping in addition to digital signatures.

Additional security precautions

All public key / private key cryptosystems depend entirely on keeping the private key secret. A private key can be stored on a user's computer, and protected by, for instance, a local password, but this has two disadvantages: the user can only sign documents on that particular computer and the security of the private key completely depends on the security of the computer, which is notoriously unreliable for many PCs and operating systems.

The current state of use: legal and practical


Digital signature schemes all have several prior requirements without which no such signature can mean anything, whatever the cryptographic theory or legal provision. Only if all of these conditions are met will a digital signature actually be any evidence of who sent the message, and therefore of their assent to its contents. Legal enactment cannot change this reality of the existing engineering possibilities, though some such have not reflected this actuality. In several countries, a digital signature has a status somewhat like that of a traditional pen and paper signature. Generally, these provisions mean that what is digitally signed legally binds the signer of the document to the terms therein. For that reason, it is often thought best to use separate key pairs for encrypting and signing.

Application
Signed Certificates

The first major application for digital signatures is digital certificates. "Signed" digital certificates are used to verify the identity of an organization or individual. They are widely used to authenticate a Web site in order to establish an encrypted connection for credit card and other confidential data.

Signed Files

The second major application for digital signatures is "code signing," which verifies the integrity of executable files downloaded from a Web site. Code signing also uses signed digital certificates to verify the identity of the site.

CONTENT

What Is a Digital Signature?
History
Algorithms
Technology Used
Process Involved
Benefits of Digital Signature
Drawbacks
Current Status
Application of CAPTCHA

MADHAV INSTITUTE OF TECHNOLOGY & SCIENCE, GWALIOR

Seminar REPORT ON Digital signature

SUBMITTED TO:
Prof. MANI GUPTA GAUR Prof. RUPALI SEM

SUBMITTED BY:
GARIMA IT-09012 IT- 5th
