CONTENTS
Encryption
Digital signature overview
Digital Signature Creation
Hashing
How Encryption and Digital Signatures Work
Digital Signature Verifications
Legal aspects
Advantages of digital signature
Disadvantages of digital signature
ENCRYPTION
Encryption is the conversion of data into a form, called a
CIPHER Text .The use of encryption/decryption is as old as the art
of communication. It is especially important in wireless
communications. Encryption/decryption is a good idea when carrying
out any kind of sensitive transaction.
Ex: A credit-card purchase online , or the discussion of a
company secret between different departments in the
organization.
TYPES OF ENCRYPTION
Private key encryption
Private key means that each computer has a secret key (code)
that it can use to encrypt a packet of information before it is
sent over the network to the other computer.
Public Key encryption
Public key encryption uses a combination of a private key and a
public key. The key is based on a hash value. This is a value that
is computed from a base input number using a hashing algorithm.
SIMPLE ENCRYPTION EXAMPLE
Encryption depends on modifying or scrambling messages. So a key
is necessary to understand the message. If the original message is
GOD IS GREATthen the encrypted version depends on the key as
follows:
(key = 1) HPE JT HSFBU
(key = 2) IQF KU ITGCV
(key = 3) JRG LV JSHDW
DIGITAL SIGNATURES
Adigital signatureordigital signature schemeis a mathematical
scheme for demonstrating the authenticity of a digital message or
document. A valid digital signature gives a recipient reason to
believe that the message was created by a known sender, such that
the sender cannot deny having sent the message
(authenticationandnon-repudiation) and that the message was not
altered in transit (integrity). Digital signatures are commonly
used for software distribution, financial transactions, and in
other cases where it is important to detect forgery or tampering.
It can be used with any kind of message, whether it is encrypted or
not, simply so that the receiver can be sure of the sender's
identity and that the message arrived is intact.
Digital signatures are often used to implementelectronic
signatures, a broader term that refers to any electronic data that
carries the intent of a signature,but not all electronic signatures
use digital signatures. In some countries, including the United
States, India, Brazil,and members of theEuropean Union, electronic
signatures have legal significance.
Digital signatures employ a type ofasymmetric cryptography. For
messages sent through a nonsecure channel, a properly implemented
digital signature gives the receiver reason to believe the message
was sent by the claimed sender. In many instances, common with
Engineering companies for example, digital seals are also required
for another layer of validation and security. Digital seals and
signatures are equivalent to handwritten signatures and stamped
seals.Digital signatures are equivalent to traditional handwritten
signatures in many respects, but properly implemented digital
signatures are more difficult to forge than the handwritten type.
Digital signature schemes, in the sense used here, are
cryptographically based, and must be implemented properly to be
effective. Digital signatures can also providenon-repudiation,
meaning that the signer cannot successfully claim they did not sign
a message, while also claiming theirprivate keyremains secret;
further, some non-repudiation schemes offer a time stamp for the
digital signature, so that even if the private key is exposed, the
signature is valid. Digitally signed messages may be anything
representable as abitstring: examples includeelectronic
mail,contracts, or a message sent via some othercryptographic
protocol.
CREATION OF DIGITAL SIGNATURES
A digital signature scheme typically consists of three
algorithms:
1. HASHING algorithm.
2. Signature Generation Algorithm
3. Asignature verifyingalgorithm that, given a message, public
key and a signature, either accepts or rejects the message's claim
to authenticity.
Hashing
Hashing is the transformation of a string ofcharacters into a
usually shorter fixed-length value or key that represents the
original string.As a simple example of the using of hashing in
databases, a group of people could be arranged in a database like
this:
Abernathy Sara, Epperdingle Roscoe, Moore Wilfred, Smith David
(and many more sorted into alphabetical order)
After Hashing, each of them will be replaced by a 4 digit number
(in this case)
7864=> Abernathy Sara 9802=> Epperdingle Roscoe 1990=>
Moore Wilfred 8822=> Smith David (and so forth).
Hashing Algorithm
The formula for hashing depends on two inputs:
the sequence of characters representing the electronic data is
to be signed
a secret number is referred to as a signature's private key
associated with the signing party and to which only that party has
access to.
Some simple Hash Functions are:
1. The division-remainder method
2. Folding
3. Radix transformation
4. Digit rearrangement
Methods of Encryption based on Privacy
Encryption scrambles or modifies a message or document so it
cannot be read and understood, except by the intended recipient. A
key is necessary to reverse the scrambling or modification, to make
the message readable.
Methods of Encryption based on Privacy are as follows:
a message may be digitally signed, but not encrypted
a message may be encrypted first, then digitally signed
a message may be digitally signed first, then encrypted
Prerequisites to create a digital signature
1. Public-private digital key pair.
2. Certificate Authority.
The public key certificate creates proof of the identity of the
signer by using the services of a certificate authority.
3. A certificate authority uses a variety of processes to
associate the particular public key with an individual.
The combination of public key and proof of identity result in a
public key certificate - also called a signer's certificate
Digital Signature Verification:
It is the process of checking the digital signature by the
reference to the original message and a given public key. Verifying
also relies on a formula. Here, the formula depends on three
inputs:
1. The sequence of characters representing the supposedly
originally signed electronic data
2. The public key of the signing party
3. The value representing the supposedly authentic digital
signature.
The output of the formula is a simple answer: YES or NO.
LEGAL ASPECTS OF DIGITAL SIGNATURES
The digital signature is that which makes a document a legal
one. It is a representation of assuring that the document meets all
legal requirements and is authentic in its framework. The actual
digital signature provides the following:
Evidence
Ceremony
Approval
Efficiency
Applications of digital signatures
As organizations move away from paper documents with ink
signatures or authenticity stamps, digital signatures can provide
added assurances of the evidence to provenance, identity, and
status of an electronic document as well as acknowledging informed
consent and approval by a signatory..
Below are some common reasons for applying a digital signature
to communications:
Authentication
Although messages may often include information about the entity
sending a message, that information may not be accurate. Digital
signatures can be used to authenticate the source of messages. When
ownership of a digital signature secret key is bound to a specific
user, a valid signature shows that the message was sent by that
user. The importance of high confidence in sender authenticity is
especially obvious in a financial context. For example, suppose a
bank's branch office sends instructions to the central office
requesting a change in the balance of an account. If the central
office is not convinced that such a message is truly sent from an
authorized source, acting on such a request could be a grave
mistake.
Integrity
In many scenarios, the sender and receiver of a message may have
a need for confidence that the message has not been altered during
transmission. Although encryption hides the contents of a message,
it may be possible tochangean encrypted message without
understanding it. (Some encryption algorithms, known
asnonmalleableones, prevent this, but others do not.) However, if a
message is digitally signed, any change in the message after
signature invalidates the signature. Furthermore, there is no
efficient way to modify a message and its signature to produce a
new message with a valid signature, because this is still
considered to be computationally infeasible by most cryptographic
hash functions .
Non-repudiation
Non-repudiation, or more specificallynon-repudiation of origin,
is an important aspect of digital signatures. By this property, an
entity that has signed some information cannot at a later time deny
having signed it. Similarly, access to the public key only does not
enable a fraudulent party to fake a valid signature.
ADVANTAGES OF DIGITAL SIGNATURES
The following are the main benefits of using digital
signatures:
Speed: Businesses no longer have to wait for paper documents to
be sent by courier. Contracts are easily written, completed, and
signed by all concerned parties in a little amount of time no
matter how far the parties are geographically.
Costs: Using postal or courier services for paper documents is
much more expensive compared to using digital signatures on
electronic documents.
Security: The use of digital signatures and electronic documents
reduces risks of documents being intercepted, read, destroyed, or
altered while in transit.
Authenticity: An electronic document signed with a digital
signature can stand up in court just as well as any other signed
paper document.
Tracking: A digitally signed document can easily be tracked and
located in a short amount of time.
Non-Repudiation: Signing an electronic document digitally
identifies you as the signatory and that cannot be later
denied.
Imposter prevention: No one else can forge your digital
signature or submit an electronic document falsely claiming it was
signed by you.
Time-Stamp: By time-stamping your digital signatures, you will
clearly know when the document was signed.
DISADVANTAGES OF DIGITAL SIGNATURES
Just like all other electronic products, digital signatures have
some disadvantages that go with them. These include:
Expiry: Digital signatures, like all technological products, are
highly dependent on the technology it is based on. In this era of
fast technological advancements, many of these tech products have a
short shelf life.
Certificates: In order to effectively use digital signatures,
both senders and recipients may have to buy digital certificates at
a cost from trusted certification authorities.
Software: To work with digital certificates, senders and
recipients have to buy verification software at a cost.
Law: In some states and countries, laws regarding cyber and
technology-based issues are weak or even non-existent. Trading in
such jurisdictions becomes very risky for those who use digitally
signed electronic documents.
Compatibility: There are many different digital signature
standards and most of them are incompatible with each other and
this complicates the sharing of digitally signed documents.
B.R.C.M COLLEGE OF BUSINESS ADMINISTRATION
ASSIGNMENT I
COMPUTER APPLICATION IV
S.Y B.B.A DIV- III
NAME: JWALANT SINGH KHENGER ROLL NO: 206
RIDHIMA SARAF : 210
SALONI SHAH : 220
RENU SHARMA : 226
POOJAN ZAVERI : 253
TOPIC: DIGITAL SIGNATURE
SUBMITTED TO: MRS. PAYAL SAXENA
SUBMISSION DATE: 21 FEBRUARY, 2015
