A Presentation on

DIGITAL SIGNATURE

Presented By: Chandrashekhar Garg 09MCAXX610 MCA Vth Sem

Contents
What is Digital Signature Why Digital Signature Security Issues Solution Offered History DS Algorithm Key Concepts Working of DS RSA Algorithm Legislation Future Scope

What is Digital signature

What is Digital signature ???

A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and was not altered in transit. transit. Digital signatures are commonly used for software distribution, financial transactions, and in cases where it is important to detect forgery and tampering .

Why Digital signature

Security Issues of Authentic & Legal transfer of electronic documents

Secure Confidential Integrated Authentic Legal & Non repudiated method of exchanging the electronic documents on networks.

Solutions Offered
Physical World
Authenticity Notaries, Physical Presence, Photo ID card Envelopes

Electronic World
Digital Signature

Privacy & Confidentiality

Encryption

Integrity

NonRepudiation

Signatures, Barcodes, Watermarks, Sealed letter Notarized signature, Receipts &Confirmations

Digital Signature Digital Signature

History of Digital Signature

History of Digital Signature

Diffie and Hellman was first to introduce the concept of a Digital Signature in their paper New Direction in Cryptography in 1976. Different approaches have been tried and finally Digital Signature is adopted as a secure, confidential and non-repudiation nonmethod of exchanging the e-documents eand electronic-information. electronic-

Digital Signature Algorithm (DSA)

Digital Signature Algorithm (DSA)

Digital Signature Algorithm (DSA) provides the capability to generate and verify signatures. signatures. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. signatory. the recipient of signed data can use a digital signature in proving to a third party that the signature was in fact generated by the signatory. signatory. This is known as non-repudiation since the signatory cannot, at a later nontime, repudiate the signature. signature. Signature generation digital signature. signature. makes use of a private key to generate a

Signature verification makes use of a public key which corresponds to, but is not the same as, the private key. key. Each user possesses a private and public key pair. pair. Public keys are assumed to be known to the public in general. general. Private keys are never shared. shared. Anyone can verify the signature of a user by employing that user's public key

How Private & Public Keys are used with electronic documents ?
Mr.Agrawals Private Key Mr.Agrawals Public Key

Mr. Agrawal
Agrawals Coworkers Deric Neeraj

Deric

Hello Agrawal , I have some secret message for you, which is in the almirah no.2 at cell no. 1, please take it, immediately Hshvesoesec megeorou,hich isinpppgikfkdjf sdttheellnjnkd sfkkoneeefdaif fsflisfsftheiitks ffsdfdffsf helleekilfksajf thelfak tately

Encrypt with Public Key of Agrawal

Hshvesoesec megeorou,hic hisinpppgikfk djfsdttheellnj nkdsfkkoneeef daiffsflisfsfthe iitksffsdfdffsf helleekilfksajf thelfak tately

Agrawal

Decrypt with Private Key of Agrawal

Hello Agrawal , I have some secret message for you, which is in the almirah no.2 at cell no. 1, please take it, immediately

How Digital signature Works

How Digital Signature Works?

To make a digital signature to a document, Agrawals software will crunch down the data into just a few lines by a process called hashing. These few lines are called a message digest.

Hash

Message Digest

Cont
Message Digest
Encrypted with Private Key

.
Signature

Agrawals software then encrypts the message digest with his private Key. The result is the digital Signature. Finally, Agrawals software appends the digital signature to documents. All of the data that was hashed has been signed.

Cont
Signature
Append to the document

Now, Mr. Agrawal have a electronic document with signature and send to another co-worker Mr. Neeraj.

First Neerajs software decrypts the signature (using Agrawals public key) changing it back into a message digest. If this worked , then it proves that Agrawal signed the document, because only Agrawal has his private key. Neetajs software then hashes the document data into a message digest. If the message digest is the same as the message digest created when the signature was decrypted, then Neeraj knows that the signed data has not been changed.

Hash

Message Digest

Decrypt with Public Key

Message Digest

RSA Algorithm
Whitfield diffie and Martin Hellman developed the concept of public key cryptosystem New direction of cryptography . Implementation of public key RSA Algorithm -Ron Rivest, Adi Shamir and Le Adleman Public Key cryptosystem A pair of Keys is extract one Public and one Private Based on 128 bit key Algorithm Private Key to remain secret and Public key to be given to any one

Illustration of Public Key Algorithme

Legislation for Digital Signature

Legislation of different countries concerning the effect and validity of digital signatures are as follows :
Brazil European Union - Medida provisoria 2.200-2 (portuguese) - Directive 1999/93/EC of the European Parliament and of the Council of 13 Dec 1999 on a Community framework for electronic signatures - Electronic Communications Act, 2000

England, Scotland and Wales Sweden

- Qualified Electronic Signatures Act (SFS 2000:832) (in swedish). SFS 2000:832 in english translation - Electronic Transactions Act, 2003 sections 22-24 - Information Technology Act, 2000

New Zealand India

The Information Technology Act, 2000

The Information Technology Act, 2000

To meet the challenges posed by the information technology, the parliament has enacted the Information Technology Act, 2000. Many provisions of the 2000. Act reflect India s determination to utilize the benefits of e-governance for judicial purposes . Recognition of e-Records :- Section 4 provides that where any law requires that information or any other matter shall be in writing or type written or in printed form. Such requirements shall be deemed to have been satisfied if form. such information or matter is rendered or made available in an e-form and accessible so as to be usable for a subsequent reference. reference. Recognition of Digital Signatures :- Section 5 of the Act mandates that if any information or any other matter is required by law to be authenticated by affixing the signature, then such requirement shall be deemed to have been satisfied if such information or matter is authenticated by means of digital signature affixed in the prescribed manner. The type of digital signature that manner. shall be used to authenticate as e-record shall be as per the rules that may be framed by the Central Government. Government.

Revised Act 2008: 2008:

In section 3 relating to interpretation clause, in the paragraph appearing at the end, for the words digital signature and Digital Signature Certificate , the words electronic signature and Electronic Signature Certificate shall respectively be substituted; substituted;

Controller of Certifying Authorities (CCA)

The Information Technology Act, 2000 provides the required legal sanctity to the digital signatures based on asymmetric cryptosystems. The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying Authorities. The Certifying Authorities (CAs) issue digital signature certificates for electronic authentication of users. The CCA certifies the public keys of CAs using its own private key, which enables users in the cyberspace to verify that a given certificate is issues by a licensed CA. For this purpose it operates, the Root Certifying Authority of India ( RCAI ). The CCA also maintains the National Repository of Digital Certificates (NRDC), which contains all the certificates issues by all the CAs in the country. CCA is at the root of the trust chain in India.

Paper

IDRBT Certificate

Electronic

Future Usages of DSC with Government

1. Issuing forms and licenses 2. Filing tax returns online 3. Online Government orders/treasury orders 4. Online file movement and approval system 5. Public information records 6. E-voting 7. Online money orders

????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????????????