digital signature prepared.ppt
(Size: 315.5 KB / Downloads: 84)
What Are Signatures?
Signature For Evidence:
A signature authenticates writing by identifying the signer with the signed document. When the signer makes a mark in a distinctive manner, the writing becomes attributable to the signer.
Why Digital Signatures Are Needed?
Now in computer age where every thing is happening lightning fast the computer base information is utilized effectively then the paper counterpart.
Today it is not possible for us to reach every where in the world to sign a document.
We all know computer can read digital information.
In computer information stored as bits rather than as atoms of ink and paper can travel near the speed of light.
But it may be duplicated without limit and with insignificant cost.
Although the basic nature of transactions has not changed.
So legal and business communities must develop rules and practices, which use new technology to achieve and surpass the effects historically expected from paper forms.
Digital signatures are the solution of this problem.
Like the signature we use on written documents today, digital signatures are now being used to identify authors/co-signers of e-mail or electronic data.
How Does A Digital Signature Work?
A Digital Signature is created using a Digital Certificate.
How do Digital Certificates work?
A Digital Certificate binds a public key to an individual or organization. The binding of a public key to an individual or organization is certified by a trusted source (usually a Certification Authority or CA).
Digital Certificates are based on Public Key Cryptography, a scheme that uses public and private key pairs.
The private key is known only by the owner and is used to create a digital signature.
This key must be kept private at all times by the user.
The public key is widely known and is used to verify the digital signature.
When the owner of public key verify a digital signature, he\she can know the identify the person who has signed the message.
A public and private key is simply a pair of numbers.
This association is achieved in a Digital Certificate that binds the public key to an identity.
A Digital Certificate makes it possible to verify someone's claim that they have the right to use
A given key, helping to prevent people from using phony keys to impersonate other users.
Used in conjunction with encryption, Digital Certificates provide a more complete security solution, assuring the identity of all parties Involved in a transaction.
How Digital Signature Is Created ?
To sign a document or any other item of information, the signer first delimits precisely the borders of what is to be signed.
The delimited information to be signed is termed as message .
Then a hash function in the signer’s software computes a hash unique result (for all practical purposes) to the message. The signer’s software then transforms the hash result into a digital signature using the signer’s private key.
The resulting digital signature is thus unique to both the message and the private key used to create it.
Who Can Use A Digital Certificate?
Anyone who does transactions over the Internet and wants those to be secured.
Imagine that you are employee of a company that has a website/network with restricted access, than you will probably need a Digital Certificate to authenticate yourself on this website.
If you are tired of queuing in a bank? You want to do Home Banking? Then you also need a Certificate to authenticate yourself.
If you are developing ActiveX, or Java Applets? Then also you need a Certificate to digitally sign your applet and have people trust it!
What Is Cryptography?
Cryptography is the science of transforming information from readable (in plaintext) to information which is not readable.
In this process, information is coded (encryption) to stop it from being read or altered by anyone but the intended recipient. It may be intercepted, but it will not be intelligible to someone without the ability to decode (decryption) the message.
Encryption and decryption require a mathematical formula or "algorithm" to convert data between readable and encoded formats and a key.
What Is Public Key Cryptography?
In a public key cryptography system, two keys are required in order for two parties to exchange information in a secure fashion: a public key and a private key.
If one key is used to encrypt a message, then only the other key in the pair can be used to decrypt it.
Although the keys of the public and private key pair are mathematically related, it is computationally infeasible to derive one key from the other, so the private key is protected from duplication or forgery even when someone knows the public key.
Therefore, it is safe to openly distribute your public key for everyone to use, but it is essential that your private key remains closely guarded and secret.
The public key can be used to verify a message signed with the private key or encrypt messages that can only be decrypted using the private key.
If someone wants to send you an encrypted message, they encrypt the message with your public key and you, being the sole possessor of the corresponding private key of the pair, are the only one who can decrypt it.
What Is Key?
A key is a single numeric value that is part of an algorithm for encrypting text.
It is a sequence of characters used to encode and decode a file.
For a symmetric key algorithm, the same key is used for both encryption and decryption. For public key algorithms, the publicly known key can only encrypt the messages, the privately held key must be used to decrypt the messages.
What Kind Of Keys Are Used In Digital Signatures?
Digital signatures use public key cryptography.
i.e Two keys are used to encrypt and decrypt a message.
A Digital Signature is created using a person's "private" key. The recipient checks the signature using that person's "public" key.