By, Patel Rushi N. V TH I.T. U.V.P.C.E.

 What Are Signatures? Signature For Evidence: A signature authenticates writing by identifying the signer with the signed document. When the signer makes a mark in a distinctive manner, the writing becomes attributable to the signer. A handwritten signature creates probative evidence in part because of the chemical properties of ink that make it adhere to paper, and because handwriting style is quite unique to the signer How It Occur ?

 Why Digital Signatures Are Needed? Now in computer age where every thing is happening lightning fast the computer base information is utilized effectively then the paper counterpart. Today it is not possible for us to reach every where in the world to sign a document. We all know computer can read digital information. In computer information stored as bits rather than as atoms of ink and paper can travel near the speed of light. But it may be duplicated without limit and with insignificant cost.

Although the basic nature of transactions has not changed. So legal and business communities must develop rules and practices, which use new technology to achieve and surpass the effects historically expected from paper forms. Digital signatures are the solution of this problem. Like the signature we use on written documents today, digital signatures are now being used to identify authors/co-signers of or electronic data.

 How Does A Digital Signature Work? A Digital Signature is created using a Digital Certificate. How do Digital Certificates work? A Digital Certificate binds a public key to an individual or organization. The binding of a public key to an individual or organization is certified by a trusted source (usually a Certification Authority or CA). Public Key CryptographyDigital Certificates are based on Public Key Cryptography, a scheme that uses public and private key pairs. The private key is known only by the owner and is used to create a digital signature.

This key must be kept private at all times by the user. The public key is widely known and is used to verify the digital signature. When the owner of public key verify a digital signature, he\she can know the identify the person who has signed the message. A public and private key is simply a pair of numbers. This association is achieved in a Digital Certificate that binds the public key to an identity. A Digital Certificate makes it possible to verify someone's claim that they have the right to use A given key, helping to prevent people from using phony keys to impersonate other users. Used in conjunction with encryption, Digital Certificates provide a more complete security solution, assuring the identity of all parties Involved in a transaction.

 What Is Cryptography?  What Is Public Key Cryptography?  What Is Key?  What Kind Of Keys Are Used In Digital Signatures ? > > > >

How Digital Signature Is Created ? To sign a document or any other item of information, the signer first delimits precisely the borders of what is to be signed. The delimited information to be signed is termed as message. Then a hash function in the signer’s software computes a hash unique result (for all practical purposes) to the message. The signer’s software then trans­forms the hash result into a digital signature using the signer’s private key. The resulting digital signature is thus unique to both the message and the private key used to create it.

(mathematical summary)

Who Can Use A Digital Certificate? Anyone who does transactions over the Internet and wants those to be secured.  For example Imagine that you are employee of a company that has a website/network with restricted access, than you will probably need a Digital Certificate to authenticate yourself on this website. If you are tired of queuing in a bank? You want to do Home Banking? Then you also need a Certificate to authenticate yourself. If you are developing ActiveX, or Java Applets? Then also you need a Certificate to digitally sign your applet and have people trust it!

Efficiency:- The processes of creating and verifying a digital signature provide a high level of assurance that the digital signature is genuinely the signer's. As with the case of modern electronic data interchange ("EDI") the creation and verification processes are capable of complete automation (sometimes referred to as "machinable"), with human interaction required on an exception basis only. Compared to paper methods such as checking specimen signature cards -- methods so tedious and labor-intensive that they are rarely actually used in practice -- digital signatures yield a high degree of assurance without adding greatly to the resources required for processing.

The processes used for digital signatures have undergone thorough technological peer review for over a decade. Digital signatures have been accepted in several national and international standards developed in cooperation with and accepted by many corporations, banks, and government agencies. The likelihood of malfunction or a security problem in a digital signature cryptosystem designed and implemented as prescribed in the industry standards is extremely remote, and is far less than the risk of undetected forgery or alteration on paper or of using other less secure electronic signature techniques. End

Subscriber and Relying Party Costs: A digital signer will require software, and will probably have to pay a certification authority some price to issue a certificate. Hardware to secure the subscriber's private key may also be advisable. Persons relying on digital signatures will incur expenses for verification software and perhaps for access to certificates and certificate revocation lists (CRL) in a repository. On the plus side, the principal advantage to be gained is more reliable authentication of messages. Digital signatures, if properly implemented and utilized offer promising solutions to the problems of:

Imposters: by minimizing the risk of dealing with imposters or persons who attempt to escape responsibility by claiming to have been impersonated; Message integrity: by minimizing the risk of undetected message tampering and forgery, and of false claims that a message was altered after it was sent; Formal legal requirements: by strengthening the view that legal requirements of form, such as writing, signature, and an original document, are satisfied, since digital signatures are functionally on a par with, or superior to paper forms; and Open systems: by retaining a high degree of information security, even for information sent over open, insecure, but inexpensive and widely used channels.

 What Is Cryptography? Cryptography is the science of transforming information from readable (in plaintext) to information which is not readable. In this process, information is coded (encryption) to stop it from being read or altered by anyone but the intended recipient. It may be intercepted, but it will not be intelligible to someone without the ability to decode (decryption) the message. Encryption and decryption require a mathematical formula or "algorithm" to convert data between readable and encoded formats and a key. Back

What Is Public Key Cryptography? In a public key cryptography system, two keys are required in order for two parties to exchange information in a secure fashion: a public key and a private key. If one key is used to encrypt a message, then only the other key in the pair can be used to decrypt it. Although the keys of the public and private key pair are mathematically related, it is computationally infeasible to derive one key from the other, so the private key is protected from duplication or forgery even when someone knows the public key.

Therefore, it is safe to openly distribute your public key for everyone to use, but it is essential that your private key remains closely guarded and secret. The public key can be used to verify a message signed with the private key or encrypt messages that can only be decrypted using the private key. If someone wants to send you an encrypted message, they encrypt the message with your public key and you, being the sole possessor of the corresponding private key of the pair, are the only one who can decrypt it. Back

 What Is Key? A key is a single numeric value that is part of an algorithm for encrypting text. It is a sequence of characters used to encode and decode a file. For a symmetric key algorithm, the same key is used for both encryption and decryption. For public key algorithms, the publicly known key can only encrypt the messages, the privately held key must be used to decrypt the messages. Back

What Kind Of Keys Are Used In Digital Signatures? Digital signatures use public key cryptography. i.e Two keys are used to encrypt and decrypt a message. A Digital Signature is created using a person's "private" key. The recipient checks the signature using that person's "public" key. Back