Digital Signature Report

7/18/2019 Digital Signature Report

http://slidepdf.com/reader/full/digital-signature-report 1/15

www.studymafa.com

A

Seminar report on

Digital Signature

Submitted in partial fulfillment of the requirement for the award of degree

Of Computer Science

SUBMITTED TO SUBMITTED B! www"#tud$mafia"com

www"#tud$mafia"com



www.studymafa.com

INTRODUCTION

The authenticit$ of man$ legal% financial% and other document# i# determined b$ the

pre#ence or ab#ence of an authori&ed handwritten #ignature" The recipient of the #igneddocument can 'erif$ the claimed identit$ of the #ender u#ing the #ignature" Al#o% if the #ender

later repudiate# the content# of the document% then recipient can u#e the #ignature to pro'e the

'alidit$ of the document"

(ith the computeri&ed me##age #$#tem# replacing the ph$#ical tran#port of paper and in)

document#% an effecti'e #olution for authentication of the electronic data i# nece##ar$" *ariou#

method# ha'e been de'i#ed to #ol'e thi# problem% but the u#e of +digital #ignature, i# definitel$the be#t #olution among#t them"

A digital #ignature i# nothing but an attachment to an$ piece of electronic information%which repre#ent# the content of the document and the identit$ of the originator of that document

uniquel$" The digital #ignature i# intended for u#e in electronic mail% electronic fund# tran#fer%

electronic data interchange% #oftware di#tribution% data #torage% and other application# whichrequire data integrit$ a##urance and data origin authentication"

(hen a me##age i# recei'ed% the recipient ma$ de#ire to 'erif$ that the me##age ha# not

been altered in tran#it" -urthermore% the recipient ma$ wi#h to be certain of the originator.#identit$" Both of the#e #er'ice# can be pro'ided b$ the digital #ignature" A digital #ignature i# an

electronic analogue of a written #ignature in that the digital #ignature can be u#ed in pro'ing to

the recipient or a third part$ that the me##age wa#% in fact% #igned b$ the originator" Digital#ignature# ma$ al#o be generated for #tored data and program# #o that the integrit$ of the data

and program# ma$ be 'erified at an$ later time"

Although there are 'ariou# approache# to implement the digital #ignature% thi# report

di#cu##e# the +Digital Signature Standard," It #pecifie# the Digital Signature Algorithm /DSA0

which i# appropriate for application# requiring a digital rather than written #ignature" The DSA i#con#idered a# the #tandard procedure to generate and 'erif$ digital #ignature#" A DSA digital

#ignature i# a pair of large number# repre#ented in a computer a# #tring# of binar$ digit#"

The fir#t #ection of thi# report deal# with the ba#ic requirement# for u#ing the digital

#ignature" The ne1t #ection# contain detailed e1planation of the proce## of generation and'erification of the digital #ignature" In addition to thi# the application# of the digital Signature are

al#o di#cu##ed" The report al#o focu#e# on #ome legal a#pect# of digital #ignature% with referenceto the Information Technolog$ Act" The u#e of digital #ignature ha# been illu#trated with an

e1ample in a practical #cenario"

Thi# report i# an attempt to ma)e the reader# familiar with the concept# related to the digital#ignature and gi'e them an idea of u#efulne## of a digital #ignature in the world of electronic

information e1change"



www.studymafa.com

HISTORY

It i# probabl$ not #urpri#ing that the in'entor# of writing% the Sumerian#% were al#o thein'entor# of an authentication mechani#m" The Sumerian# u#ed intricate #eal#% applied into their

cla$ cuneiform tablet# u#ing roller#% to authenticate their writing#" Seal# continued to be u#ed a#

the primar$ authentication mechani#m until recent time#"

U#e of #ignature# i# recorded in the Talmud /fourth centur$0% complete with #ecurit$ procedure# to pre'ent the alteration of document# after the$ are #igned" The Talmud e'en

de#cribe# u#e of a form of 2#ignature card2 b$ witne##e# to deed#" The practice of authenticating

document# b$ affi1ing handwritten #ignature# began to be u#ed within the 3oman Empire in the$ear AD 456% during the rule of *alentinian III" The #ub#cripto 7 a #hort handwritten #entence at

the end of a document #tating that the #igner 2#ub#cribed2 to the document 7 wa# fir#t u#ed for

authenticating will#" The practice of affi1ing #ignature# to document# #pread rapidl$ from thi#

initial u#age% and the form of #ignature# /a hand7written repre#entation of one,# own name0remained e##entiall$ unchanged for o'er 8%499 $ear#" It i# from thi# 3oman u#age of #ignature#

that the practice obtained it# #ignificance in (e#tern legal tradition"

What is digital signature

Ba#icall$% the idea behind digital #ignature# i# the #ame a# $our handwritten #ignature"

!ou u#e it to authenticate the fact that $ou promi#ed #omething that $ou can.t ta)e bac) later" A

digital #ignature doe#n.t in'ol'e #igning #omething with a pen and paper then #ending it o'er the

Internet" But li)e a paper #ignature% it attache# the identit$ of the #igner to a tran#action" :a'ing adigital certificate i# li)e u#ing $our dri'er.# licen#e to 'erif$ $our identit$" Similarl$% $our digital

certificate pro'e# $our online identit$ to an$bod$ who accept# it"

A digital #ignature can al#o be u#ed to 'erif$ that information ha# not been altered after

it wa# #igned" A digital #ignature i# an electronic #ignature to be u#ed in all imaginable t$pe of electronic tran#fer" Digital #ignature #ignificantl$ differ# from other electronic #ignature# in term

of proce## and re#ult#" The#e difference# ma)e digital #ignature more #er'iceable for legal

purpo#e#"

Digital #ignature# are ba#ed on mathematical algorithm#" The#e require the

#ignature holder to ha'e two )e$# /one pri'ate and the public0 for #igning and 'erification "A

'erifiable tru#tworth$ entit$ called certification authorit$ create# and di#tribute# #ignature#" A



www.studymafa.com

digital #ignature i# a cr$ptographic mean# through which man$ of the#e ma$ be 'erified" The

digital #ignature of a document i# a piece of information ba#ed on both the document and the#igner,# pri'ate )e$" It i# t$picall$ created through the u#e of a ha#h function and a pri'ate

#igning function /encr$pting with the #igner,# pri'ate )e$0" Digital Signature# and hand ; written

#ignature# both rel$ on the fact that it i# 'er$ hard to find two people with the #ame #ignature"

<eople u#e public ;)e$ cr$ptograph$ to compute digital #ignature# b$ a##ociating #omethingunique with each per#on" (hen public7)e$ cr$ptograph$ i# u#ed to encr$pt a me##age% the #ender

encr$pt# the me##age with the public )e$ of the intended recipient" (hen public 7)e$cr$ptograph$ i# u#ed to calculate a digital #ignature% the #ender encr$pt# the =digital fingerprint>

of the document with hi# or her own pri'ate )e$" An$one with acce## to the public )e$ of the

#igner ma$ 'erif$ the #ignature"

In practice% public7)e$ algorithm# are often too inefficient for #igning long document#" To #a'etime% digital #ignature protocol# u#e a cr$ptographic dige#t% which i# a one7wa$ ha#h of the

document" The ha#h i# #igned in#tead of the document it#elf" Both the ha#hing and digital

#ignature algorithm# are agreed upon beforehand" :ere i# a #ummar$ of the proce##

8" A one7wa$ ha#h of the document i# produced"?" The ha#h i# encr$pted with the pri'ate )e$% thereb$ #igning the document"

5" The document and the #igned ha#h are tran#mitted"

4" The recipient produce# a one7wa$ ha#h of the document"@" U#ing the digital #ignature algorithm% the recipient decr$pt# the #igned ha#h with the #ender.#

public )e$"

If the #igned ha#h matche# the recipient.# ha#h% the #ignature i# 'alid and the document i# intact"

There i# a potential problem with thi# t$pe of digital #ignature" Alice not onl$ #igned the

me##age #he intended to but al#o #igned all other me##age# that happen to ha#h to the #ameme##age dige#t" (hen two me##age# ha#h to the #ame me##age dige#t it i# called a colli#ion the

colli#ion7free propertie# of ha#h function# are a nece##ar$ #ecurit$ requirement for mo#t digital

#ignature #cheme#" A ha#h function i# #ecure if it i# 'er$ time con#uming% if at all po##ible% tofigure out the original me##age gi'en it# dige#t" :owe'er% there i# an attac) called the birthda$

attac) that relie# on the fact that it i# ea#ier to find two me##age# that ha#h to the #ame 'alue than

to find a me##age that ha#he# to a particular 'alue" It# name ari#e# from the fact that for a groupof ?5 or more people the probabilit$ that two or more people #hare the #ame birthda$ i# better

than @9"

(hen #oftware /code0 i# a##ociated with publi#her,# unique #ignature% di#tributing

#oftware on the Internet i# no longer an anon$mou# acti'it$" Digital #ignature# en#ureaccountabilit$% u#t a# a manufacturer,# brand name doe# on pac)aged #oftware" If an

organi&ation or indi'idual want# to u#e the Internet to di#tribute #oftware% the$ #hould be willing

to ta)e re#pon#ibilit$ for that #oftware" Thi# i# ba#ed on the premi#e that accountabilit$ i# a

deterrent to the di#tribution of harmful code"

BASIC REQUIREMENTS



www.studymafa.com

An$ indi'idual who wi#he# to u#e the digital #ignature mu#t ha'e a unique pri'ate )e$ for generation of the #ignature" The recipient# who recei'e digitall$ #igned me##age# mu#t ha'e the

public )e$% corre#ponding to the pri'ate )e$ u#ed for the generation of the digital #ignature% for

'erification of the #ignature" Al#o the recipient# mu#t obtain the digital #ignature certificate

which act# a# a proof of the a##ociation between the public )e$ and the pri'ate )e$" Once allthe#e requirement# are #ati#fied% then onl$ the #ub#criber can u#e the digital #ignature"

<ri'ate e$"

The pri'ate )e$ i# one which i# acce##ible onl$ to the #igner" It i# u#ed to generate thedigital #ignature which i# then attached to the me##age" It i# 'er$ important to ha'e a unique

pri'ate )e$ for each u#er% #o that the #ignature generated b$ that )e$ for a gi'en me##age can not

be duplicated b$ an$ other )e$"The #ecurit$ of a digital #ignature #$#tem i# dependent on maintaining the #ecrec$ of

u#er#. pri'ate )e$#" U#er# mu#t therefore guard again#t the unauthori&ed acqui#ition of their

pri'ate )e$#"

<ublic e$"

The public )e$ i# made a'ailable to all tho#e who recei'e the #igned me##age# from the

#ender" It i# u#ed for 'erification of the recei'ed me##age" Although the public )e$ i# uniquel$a##ociated with the pri'ate )e$% there i# no recogni&able #imilarit$ between them" Thi# i# done

purpo#efull$ to a'oid di#co'er$ of the pri'ate )e$ from the public )e$" Thu# the holder of a

public )e$ can u#t 'erif$ the me##age recei'ed from the #ender" An$ per#on who digitall$ #ign#hi# me##age# mu#t di#tribute the public )e$ to the recipient# of hi# me##age#% #o that the$ can

'erif$ the 'alidit$ of the#e me##age#"

Digital Signature Certificate"

A #ub#criber of the pri'ate )e$ and public )e$ pair ma)e# the public )e$ a'ailable to all

tho#e who are intended to recei'e the #igned me##age# from the #ub#criber" But in ca#e of an$di#pute between the two #ide#% there mu#t be #ome entit$ with the recei'er which will allow the

recei'er of the me##age to pro'e that the me##age wa# indeed #ent b$ the #ub#criber of the )e$

pair" Thi# can be done with the Digital Signature Certificate" Thi# certificate li#t# the #ub#criber,# public )e$" So% it act# a# a binding between the pri'ate and public )e$#" An$ me##age 'erified b$



www.studymafa.com

the public )e$ li#ted on the certificate i# implicitl$ a##umed to be #igned and #ent b$ the

corre#ponding #ub#criber"

A digital #ignature certificate i# i##ued b$ the Certif$ing Authorit$ to the applicant#" -or

obtaining thi# certificate the applicant mu#t produce the pri'ate )e$ and public )e$ pair before

the certif$ing authorit$" After chec)ing the functioning of the )e$ pair the certif$ing authorit$i##ue# a certificate to the applicant"

HOW THE TECHNOLOY WOR!S

Digital #ignature# require the u#e of public7)e$ cr$ptograph$ "If $ou are going to#ign #omething% digitall$% $ou need to obtain both a public )e$ and a pri'ate )e$" The pri'ate )e$

i# #omething $ou )eep entirel$ to $our#elf" !ou #ign the document u#ing $our pri'ate )e$7 which

i# reall$ u#t a )ind of code7then $ou gi'e the per#on /the merchant of the web#ite where $ou bought #omething or the ban) lending $our mone$ to bu$ a hou#e0 who need# to 'erif$ $our

#ignature $our corre#ponding public )e$" :e u#e# $our public )e$ to ma)e #ure $ou are who $ou

#a$ $ou are" The public )e$ and pri'ate )e$ are related% but onl$ mathematicall$% #o )nowing

$our pri'ate )e$" In fact% it,# nearl$ impo##ible to figure out $our pri'ate )e$ from $our public)e$"

The #ender accompli#he# the proce## of creating a digital #ignature" The recei'er of the

digital #ignature perform# the 'erification of the digital #ignature"

A""ROACHES



www.studymafa.com

A 'ariet$ of approache# ha'e been propo#ed for digital #ignature function" The#e approache# fall

into two categorie#

• Direct approach

• Arbitrated approach

Dire#t digital signature$

A direct digital #ignature in'ol'e# onl$ the communication partie# /#ource and

de#tination0" It i# a##umed that the de#tination )now# the public )e$ of the #ource" A digital

#ignature ma$ be formed b$ encr$pting the entire me##age with the #ender,# pri'ate )e$ or b$encr$pting the ha#h code of the me##age with the #ender,# pri'ate )e$"

Confidentialit$ can be pro'ided b$ further encr$pting the entire me##age plu# #ignature

with either the recei'er,# public )e$ or a #hared #ecret )e$" It i# important to perform the

#ignature function fir#t and then an outer confidentialit$ function" In ca#e of di#pute #ome third part$ mu#t 'iew the me##age and #ignature" If the #ignature i# calculated on an encr$pted

me##age% the third part$ al#o need# acce## to the decr$ption )e$ to read the original me##age"

All direct #cheme# de#cribed #o far ha'e a common flaw

The 'alidit$ of the #cheme depend# on the #ecurit$ of the #ender,# pri'ate )e$" If a #ender

later wi#he# to den$ #ending a particular me##age% he can claim that the pri'ate )e$ wa# lo#t or #tolen and that #omeone el#e forged hi# #ignature"

Admini#trati'e control# relating to the #ecurit$ of pri'ate )e$# can be emplo$ed to thwart

or at lea#t wea)en thi# plo$" One e1ample i# to require e'er$ #igned me##age to include atime#tamp /date and time0 and to require prompt reporting to compromi#e )e$# b$ a central

authorit$" Another threat i# that the pri'ate )e$ might be #tolen from #ender at time T" The

opponent can then #end a me##age #igned with ,# #ignature and #tamped with a time before or

equal to T"

Ar%itrated digital signature$

The problem# a##ociated with direct digital #ignature# can be addre##ed b$ u#ing an

arbiter" A# with direct #ignature #cheme#% there are a 'ariet$ of arbitrated #ignature #cheme#" Ingeneral term#% the#e all operate a# follow# e'er$ #igned me##age from #ender to the recei'er !

goe# fir#t to the arbiter A% who #ubect# the me##age and it# #ignature to the number of te#t# to

chec) it# origin and content" The me##age i# then dated and #end# to ! with an indication that itha# been 'erified to the #ati#faction of the arbiter" (ith the pre#ence of arbiter A% there are no

chance# of a #ender to di#owning the me##age% a# i# the ca#e with the direct digital #ignature#"



www.studymafa.com

The arbiter pla$# a crucial role in arbitrated digital #ignature# and all partie# mu#t ha'e a

great deal of tru#t that the arbitration mechani#m wor)ing properl$" The u#e of a tru#ted #$#temmight #ati#f$ thi# requirement"

"UR"OSE O& DIITAL SINATURE

• Signer authenti#ati'n $

If public and pri'ate )e$# are a##ociated with an identified #igner%

the digital #ignature attribute# the me##age to the #igner" The digital #ignature cannot be forged%unle## the #igner lo#e# control of the pri'ate )e$"

Message authenti#ati'n $

Digital #ignature identifie# the #igned me##age with far greater

certaint$ and preci#ion than paper #ignature#" *erification re'eal# an$ tempering #ince thecompari#on of ha#h re#ult #how# whether the me##age i# the #ame a# when #igned"

N'n(re)udiati'n $

Creating a digital #ignature require# the #igner to u#e hi# pri'ate

)e$" Thi# alter# the #igner that he i# con#ummating a tran#action with legal con#equence#%

decrea#ing the chance# of litigation later on"

• Integrit* $

Digital #ignature creation and 'erification proce##e# pro'ide a high le'el ofa##urance that the digital #ignature i# that of the #igner" Compared to tediou# and labor inten#i'e

paper method#% #uch a# chec)ing #ignature card#% digital #ignature# $ield a high degree of

a##urance without adding re#ource# for proce##ing"

DIITAL SINATURE ALORITHM

The digital #ignature algorithm #pecifie# the procedure to generate and 'erif$ the digital

#ignature"



www.studymafa.com

Digital Signature Feneration"

The abo'e diagram #how# the proce## of Digital Signature Feneration" It con#i#t#

of following #tep#78" The u#er of Digital Signature can u#e thi# facilit$ optionall$" So if he choo#e# to #end the

me##age without a #ignature% then the me##age i# directl$ #end to the other end" But% if he wi#he#

to digitall$ #ign the me##age% then he i# a#)ed for the <ri'ate e$ b$ the digital #ignatureFeneration #$#tem"

?" A Secure :a#h Algorithm /S:A0 i# u#ed in the #ignature generation proce## to obtain aconden#ed 'er#ion of me##age% called a me##age dige#t" The S:A i# #uch that it generate#different me##age dige#t for each different me##age" In other word#% no two me##age# ha'e the

#ame me##age dige#t"

5" The DSA #ign unit accept# the me##age dige#t from the S:A and the pri'ate )e$ from the

u#er" Then a digital #ignature i# generated a# a function of both% the pri'ate )e$ and the me##age

dige#t" Gumber of other parameter# called a# DSA parameter#% are al#o u#ed in thi# proce##"The#e parameter# are di#cu##ed in detail# in the ne1t #ection"

4" Once a #ignature i# generated% it i# attached to the original me##age" Then thi# me##age i#

#end to the other end"

Digital Signature *erification"



www.studymafa.com

The abo'e diagram #how# the proce## of Digital Signature *erification" It con#i#t# of

following #tep#7

8" A u#er can recei'e me##age# from different #ender#" Some of them ma$ be u#ing a digital

#ignature and #ome ma$ not" If a me##age i# not digitall$ #igned then the u#er accept# it withoutan$ 'erification" But in ca#e of digitall$ #igned me##age% he can 'erif$ the me##age with the help

of public )e$ corre#ponding to the #ender"

?" The recei'ed me##age i# fed to the S:A for generation of the me##age dige#t" The S:A u#ed b$ the recei'er mu#t be #ame a# that u#ed b$ the #ender" So% if the me##age content remain#

unaltered during the tran#port% then S:A will generate the #ame me##age dige#t"

5" The DSA 'erif$ unit accept# the me##age dige#t from the S:A and the public )e$ from therecei'er" U#ing the DSA parameter#% public )e$% me##age dige#t the recei'ed digital #ignature i#

'erified" If the #ignature get# 'erified% then integrit$ of the me##age a# well a# the identit$ of

#ender i# confirmed" But if it doe#n,t get 'erified% then either the me##age ha# been corruptedduring the tran#port or the pri'ate )e$ u#ed i# not matching with the public )e$" In either ca#e the

me##age i# con#idered in'alid and #hould be reected b$ the recei'er"

Secure :a#h Algorithm

Thi# Standard #pecifie# a Secure :a#h Algorithm /S:A0% for computing a conden#edrepre#entation of a me##age or a data file" (hen a me##age of an$ length H ?4 bit# i# input% the

S:A produce# a 897bit output called a me##age dige#t" The me##age dige#t can then be input to

the Digital Signature Algorithm /DSA0 which generate# or 'erifie# the #ignature for the me##age"

Signing the me##age dige#t rather than the me##age often impro'e# the efficienc$ of the proce## becau#e the me##age dige#t i# u#uall$ much #maller in #i&e than the me##age" The #ame ha#h

algorithm mu#t be u#ed b$ the 'erifier of a digital #ignature a# wa# u#ed b$ the creator of the

digital #ignature"



www.studymafa.com

The S:A i# called #ecure becau#e it i# computationall$ infea#ible to find a me##age

which corre#pond# to a gi'en me##age dige#t% or to find two different me##age# which produce

the #ame me##age dige#t" An$ change to a me##age in tran#it will% with 'er$ high probabilit$%re#ult in a different me##age dige#t% and the #ignature will fail to 'erif$"

DSA "ARAMETERS

Specification of parameter#"

The DSA /Digital Signature Algorithm0 ma)e# u#e of the following parameter#

8" p i# a prime number% where ?J78 H p H ?J for @8? HK J HK 89?4 and J a multiple of 4"

?" q i# a prime di'i#or of p 7 8% where ?8@6 H q H ?89 "5" g K h/p780Lq mod p% where h i# an$ integer with 8 H h H p 7 8 #uch that

h/p780Lq mod p 8 /g ha# order q mod p0

4" 1 K a randoml$ generated integer with 9 H 1 H q

@" $ K g1 mod p" ) K a randoml$ or generated integer with 9 H ) H q

The integer# p% q% g can be public and the$ can be common to a group of u#er#" A u#er.# pri'ate and public )e$# are 1 and $% re#pecti'el$" The$ are normall$ fi1ed for a period of time"

<arameter# 1 and ) are u#ed for #ignature generation onl$% and mu#t be )ept #ecret" <arameter )

mu#t be regenerated for each #ignature"

Signature Feneration"

The #ignature of a me##age M i# the pair of number# r and # computed according to the

equation# below"

r K /g) mod p0 mod q and



www.studymafa.com

# K /) 78/S:A /M0 N 1r00 mod q"

The 'alue of S:A /M0 i# a 897bit #tring output b$ the Secure :a#h Algorithm" -or u#e in

computing #% thi# #tring mu#t be con'erted to an integer" A# an option% one ma$ wi#h to chec) if r

K 9 or # K 9" If either r K 9 or # K 9% a new 'alue of ) #hould be generated and the #ignature

#hould be recalculated /it i# e1tremel$ unli)el$ that r K 9 or # K 9 if #ignature# are generated properl$0"

The #ignature i# tran#mitted along with the me##age to the 'erifier"

Signature *erification"

<rior to 'erif$ing the #ignature in a #igned me##age% p% q and g plu# the #ender.# public )e$ and

identit$ are made a'ailable to the 'erifier in an authenticated manner"

Jet M.% r. and #. be the recei'ed 'er#ion# of M% r% and #% re#pecti'el$% and let $ be the public )e$

of the #ignator$" To 'erifier fir#t chec)# to #ee that 9 H r. H q and 9 H #. H q if either condition i#'iolated the #ignature #hall be reected" If the#e two condition# are #ati#fied% the 'erifiercompute#

w K /#.078 mod q

u8 K //S:A /M.0 w0 mod qu? K //r.0 w0 mod q

' K ///g0u8 /$0u? 0 mod p0 mod q"

If ' K r.% then the #ignature i# 'erified and the 'erifier can ha'e high confidence that the recei'ed

me##age wa# #ent b$ the part$ holding the #ecret )e$ 1 corre#ponding to $" -or a proof that ' K r.

when M. K M% r. K r% and #. K #% #ee Appendi18"

If ' doe# not equal r.% then the me##age ma$ ha'e been modified% the me##age ma$ ha'e been

incorrectl$ #igned b$ the #ignator$% or the me##age ma$ ha'e been #igned b$ an impo#tor" Theme##age #hould be con#idered in'alid"

Challenge# and Opportunitie#

The pro#pect of full$ implementing digital #ignature# in general commerce pre#ent# both benefit#and co#t#" The co#t# con#i#t mainl$ of

• In#titutional o'erhead The co#t of e#tabli#hing and utili&ing certification authoritie#%

repo#itorie#% and other important #er'ice#% a# well a# a##uring qualit$ in the performance of their

function#"

• Sub#criber and 3el$ing <art$ Co#t# A digital #igner will require #oftware% and will

probabl$ ha'e to pa$ a certification authorit$ #ome price to i##ue a certificate" :ardware to



www.studymafa.com

#ecure the #ub#criber.# pri'ate )e$ ma$ al#o be ad'i#able" <er#on# rel$ing on digital #ignature#

will incur e1pen#e# for 'erification #oftware and perhap# for acce## to certificate# and certificatere'ocation li#t# /C3J0 in a repo#itor$"

On the plu# #ide% the principal ad'antage to be gained i# more reliable authentication of

me##age#" Digital #ignature# if properl$ implemented and utili&ed offer promi#ing #olution# tothe problem# of

• Impo#ter#% b$ minimi&ing the ri#) of dealing with impo#ter# or per#on# who attempt to

e#cape re#pon#ibilit$ b$ claiming to ha'e been imper#onated

• Me##age integrit$% b$ minimi&ing the ri#) of undetected me##age tampering and forger$%

and of fal#e claim# that a me##age wa# altered after it wa# #ent"

A""LICATIONS O& DIITAL SINATURE

The #cope of Digital Signature i# not u#t limited to e1change of me##age#" The

handwritten #ignature i# commonl$ u#ed in all )ind# of application# to pro'e the identit$ of the#igner" In the #ame wa$% a digital #ignature can be u#ed for all )ind# of electronic record#" An$

field in which the integrit$ and 'alidit$ of the data i# crucial% can ma)e u#e of a DigitalSignature" :ere we di#cu## a few of the#e application#"

+,Ele#tr'ni# Mail,

(hen we #end an e7mail to a mailbo1% it i# de#ired that the owner of the mailbo1 #hould

get the e7mail in it# original form" If during tran#port% the content change# either accidentall$ ordue to intru#ion b$ a third part$% then the recei'ing end #hould be able to recogni&e thi# change in

the content" Al#o no per#on #hould be able to #end e7mail in the di#gui#e of another per#on" Both

the#e factor# are ta)en care of b$ the Digital #ignature" An$ change in the e7mail will affect theme##age dige#t generated b$ the S:A and thu# the digital #ignature will be mar)ed a# un'erified"So the recipient will reect that me##age"

-, Data st'rage,

Thi# i# one more intere#ting application of Digital Signature" Suppo#e a large amount of

data i# #tored on a computer" Onl$ authori&ed people are allowed to ma)e change# to the data" In#uch ca#e% along with the data% a #ignature can al#o be #tored a# an attachment" Thi# #ignature i#

generated from the data dige#t and the pri'ate )e$" So if an$ change# are made in the data b$

#ome unauthori&ed per#on% then the$ will get ea#il$ recogni&ed at the time of #ignature

'erification and thu# that cop$ of data will be di#carded"

.,Ele#tr'ni# /unds trans/er,

Application# li)e online ban)ing% e7commerce come under thi# categor$" In the#e

application# the information being e1changed b$ the two #ide# i# 'ital and thu# e1treme #ecrec$

and authenticit$ mu#t be maintained" A digital #ignature can en#ure the authentication of theinformation but% the #ecrec$ #hould be maintained b$ u#ing #ome encr$ption technique#" So



www.studymafa.com

before generating the me##age dige#t% the me##age #hould be encr$pted" Then the digital

#ignature i# generated and attached to the me##age" At the recei'ing end after 'erification of#ignature% the me##age i# decr$pted to reco'er the original me##age"

0,S'/t1are Distri%uti'n,Software de'eloper# often di#tribute their #oftware u#ing #ome electronic media% for

e1ample% the internet" In thi# ca#e% in order to en#ure that the #oftware remain# unmodified andit# #ource i# genuine% Digital Signature can be u#ed" The de'eloper #ign# the #oftware and the

u#er# 'erif$ the #ignature before u#ing it" If #ignature get# 'erified% then onl$ the u#er# can be

#ure about the 'alidit$ of that #oftware"

DRAWBAC!S O& USIN DIITAL SINATURE

Although the digital #ignature technique i# a 'er$ effecti'e method of maintainingintegrit$ and authentication of data% there are #ome drawbac)# a##ociated with thi# method" The$

are di#cu##ed in thi# #ection"

8" The pri'ate )e$ mu#t be )ept in a #ecured manner" The lo## of pri'ate )e$ can cau#e

#e'ere damage #ince% an$one who get# the pri'ate )e$ can u#e it to #end #igned me##age# to the

public )e$ holder# and the public )e$ will recogni&e the#e me##age# a# 'alid and #o the recei'er#

will feel that the me##age wa# #ent b$ the authentic pri'ate )e$ holder"

?" The proce## of generation and 'erification of digital #ignature require# con#iderable

amount of time" So% for frequent e1change of me##age# the #peed of communication will reduce"

5" (hen the digital #ignature i# not 'erified b$ the public )e$% then the recei'er #impl$

mar)# the me##age a# in'alid but he doe# not )now whether the me##age wa# corrupted or thefal#e pri'ate )e$ wa# u#ed"

4" -or u#ing the digital #ignature the u#er ha# to obtain pri'ate and public )e$% the recei'erha# to obtain the digital #ignature certificate al#o" Thi# require# them to pa$ additional amount of

mone$"



www.studymafa.com

CONCLUSION

Digital #ignature# are difficult to under#tand" Digital #ignature# will be championed b$ man$

pla$er# that the public di#tru#t#% including national #ecurit$ agencie#% law enforcement agencie#%

and con#umer mar)eting companie#" Digital #ignature# will ine'itabl$ be a##ociated with card#"

Digital #ignature# will ine'itabl$ be a##ociated with biometric identifier#"

A# a re#ult% it appear# that digital technolog$ i# rapidl$ becoming per'a#i'e% the public not find

thi# comforting" The$ will demand e1plicit pri'ac$ protection#% far more #ub#tantial than the

wea) and patch$ regime that i# pre#entl$ in place" The protection# are al#o quite inadequate%

though promi#ing in #ome re#pect#" Succe##ful implementation of digital #ignature# will requirefar more attention to pri'ac$ i##ue# b$ polic$7ma)er# and bu#ine## intere#t#"

Digital Signature Report

Documents

Transcript of Digital Signature Report