Scribd Logo
Upload

Welcome to Scribd!

  • Digital Signature

    Uploaded by

    Aakash Saxena
    61 views14 pages
    A digital signature is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. Digital signatures are used to create public key infrastructure (PKI) schemes in which a user's public key is tied to a user by a digital identity certificate issued by a certificate authority.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    A digital signature is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. Digital signatures are used to create public key infrastructure (PKI) schemes in which a user's public key is tied to a user by a digital identity certificate issued by a certificate authority.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    61 views14 pages

    Digital Signature

    Uploaded by

    Aakash Saxena
    A digital signature is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. Digital signatures are used to create public key infrastructure (PKI) schemes in which a user's public key is tied to a user by a digital identity certificate issued by a certificate authority.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 14

    Presentation on Digital Signature & Digital Certificates By:- Aakash Saxena Ankit Kumar

    Digital Signature
    A digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. Digital signature schemes normally give two algorithms, one for signing which involves the user's secret or private key, and one for verifying signatures which involves the user's public key. The output of the signature process is called the "digital signature. Digital signatures, like written signatures, are used to provide authentication of the associated input, usually called a "message." Messages may be anything, from electronic mail to a contract, or even a message sent in a more complicated cryptographic protocol.

    Digital signatures are used to create public key infrastructure (PKI) schemes in which a user's public key is tied to a user by a digital identity certificate issued by a certificate authority. PKI schemes attempt to unbreakably bind user information (name, address, phone number, etc.) to a public key, so that public keys can be used as a form of identification. Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, and in the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear their applicability towards cryptographic digital signatures, leaving their legal importance somewhat unspecified.

    Uses of digital signatures As organizations move away from paper documents with ink signatures or authenticity stamps, digital signatures can provide added assurances of the evidence to provenance, identity, and status of an electronic document as well as acknowledging informed consent and approval by a signatory. Below are some common uses of a digital signature : Authentication- Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. Integrity- In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Non-repudiation- Non-repudiation is an important aspect of digital signatures. By this property an entity that has signed some information cannot at a later time deny having signed it

    What is a Digital Signature?

    (Bob's public key) Bob

    (Bob's private key)

    Bob has been given two keys. One of Bob's keys is called a Public Key, the other is called a Private Key.

    Bob's Co-workers:
    Anyone can get Bob's Public Key, but Bob

    Pat

    Doug Susan

    keeps his Private Key to himself.

    Bob's Public key is available to anyone who needs it, but he keeps his Private Key to himself. Keys are used to encrypt information. Encrypting information means "scrambling it up", so that only a person with the appropriate key can make it readable again. Either one of Bob's two keys can encrypt data, and the other key can decrypt that data. Susan (shown below) can encrypt a message using Bob's Public Key. Bob uses his Private Key to decrypt the message. Any of Bob's coworkers might have access to the message Susan encrypted, but without Bob's Private Key, the data is worthless.
    Hey Bob, how about lunch at Taco Bell. I hear they have free refills! "HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEiC 0QYIh/Hn3xgiK BcyLK1UcYiY

    HNFmsEm6Un BejhhyCGKOK JUxhiygSBCEi 0QYIh/Hn3xgiK BcyLK1UcYiY

    "Hey Bob, how about lunch at Taco Bell. I hear they have free refills

    With his private key and the right software, Bob can put digital signatures on documents and other data. A digital signature is a "stamp" Bob places on the data which is unique to Bob, and is very difficult to forge. In addition, the signature assures that any changes made to the data that has been signed can not go undetected.

    To sign a document, Bob's software will crunch down the data into just a few lines by a process called "hashing". These few lines are called a message digest. (It is not possible to change a message digest back into the original data from which it was created.)

    Bob's software then encrypts the message digest with his private key. The result is the digital signature.

    Finally, Bob's software appends the digital signature to document. All of the data that was hashed has been signed.

    Digital Certificates
    A digital certificate or identity certificate is an electronic document which uses a digital signature to bind a public key with an identity information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual. In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users ("endorsements"). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together. For provable security this reliance on something external to the system has the consequence that any public key certification scheme has to rely on some special setup assumption, such as the existence of a certificate authority. .

    Certificates can be created for Unix-based servers with tools such as OpenSSL's ca command. or SuSE's gensslcert. These may be used to issue unmanaged certificates, Certification Authority (CA) certificates for managing other certificates, and user and/or computer certificate requests to be signed by the CA, as well as a number of other certificate related functions. Similarly, Microsoft Windows 2000 Server and Windows Server 2003 contain a Certification Authority (CA) as part of Certificate Services for the creation of digital certificates. In Windows Server 2008 the CA may be installed as part of Active Directory Certificate Services. The CA is used to manage and centrally issue certificates to users and/or computers. Microsoft also provides a number of different certificate utilities, such as SelfSSL.exe for creating unmanaged certificates, and Certreq.exe for creating and submitting certificate requests to be signed by the CA, and certutil.exe for a number of other certificate related functions.

    Contents of a typical digital certificate Serial Number: Used to uniquely identify the certificate. Subject: The person, or entity identified. Signature Algorithm: The algorithm used to create the signature. Signature: The actual signature to verify that it came from the issuer. Issuer: The entity that verified the information and issued the certificate. Valid-From: The date the certificate is first valid from. Valid-To: The expiration date. Key-Usage: Purpose of the public key (e.g. encipherment, signature, certificate signing). Public Key: The public key. Thumbprint Algorithm: The algorithm used to hash the public key. Thumbprint: The hash itself, used as an abbreviated form of the public key.

    Bob now passes the document on to Pat. First, Pat's software decrypts the signature (using Bob's public key) changing it back into a message digest. If this worked, then it proves that Bob signed the document, because only Bob has his private key. Pat's software then hashes the document data into a message digest. If the message digest is the same as the message digest created when the signature was decrypted, then Pat knows that the signed data has not been changed.

    Plot complication...
    Doug (our disgruntled employee) wishes to deceive Pat. Doug makes sure that Pat receives a signed message and a public key that appears to belong to Bob. Unbeknownst to Pat, Doug deceitfully sent a key pair he created using Bob's name. Short of receiving Bob's public key from him in person, how can Pat be sure that Bob's public key is authentic? It just so happens that Susan works at the company's certificate authority center. Susan can create a digital certificate for Bob simply by signing Bob's public key as well as some information about Bob.

    Bob Info: Name Department Cubical Number Certificate Info: Expiration Date Serial Number Bob's Public Key: Now Bob's co-workers can check Bob's trusted certificate to make sure that his public key truly belongs to him. In fact, no one at Bob's company accepts a signature for which there does not exist a certificate generated by Susan. This gives Susan the power to revoke signatures if private keys are compromised, or no longer needed. There are even more widely accepted certificate authorities that certify Susan.

    You might also like