Digital signature is a sort of Cryptography. Cryptography means keeping communications private. It is a practical art of converting messages or data into a different form, such that no one read them without having access to the ‘key’. The message may be converted using a ‘code’ (in which case each character or group of characters is substituted by an alternative one), or ‘cipher’ (in which case the message as a whole is converted, rather than individual characters). It deals with encryption, decryption and authentication.
There are two types of Cryptography
1.Secret key or Symmetric Cryptography
2. Public key or Asymmetric Cryptography
In Symmetric Cryptography the sender and receiver of a message know and use the same secret key to encrypt the message, and the receiver uses same key to decrypt the message.
Asymmetric (or public key) Cryptography involves two related keys, one of which only the owner knows (the 'private key') and the other which anyone can know (the 'public key').
The advantages of Asymmetric Cryptography are that:
Only one party needs to know the private key.
The knowledge of the public key by a third party does not compromise security of message transmission.
The most important development from the work on public –key cryptography is Digital Signature.
What is digital signature:
Basically, the idea behind digital signatures is the same as your handwritten signature. You use it to authenticate the fact that you promised something that you can't take back later. A digital signature doesn't involve signing something with a pen and paper then sending it over the Internet. But like a paper signature, it attaches the identity of the signer to a transaction. Having a digital certificate is like using your driver's license to verify your identity. You may have obtained your license from Maryland, for example, but your Maryland license lets you drive in Nevada and Florida. Similarly, your digital certificate proves your online identity to anybody who accepts it.
A digital signature can also be used to verify that information has not been altered after it was signed. A digital signature is an electronic signature to be used in all imaginable type of electronic transfer. Digital signature significantly differs from other electronic signatures in term of process and results. These differences make digital signature more serviceable for legal purposes.
Digital signatures are based on mathematical algorithms. These require the signature holder to have two keys (one private and the public) for signing and verification .A verifiable trustworthy entity called certification authority creates and distributes signatures. A digital signature is a cryptographic means through which many of these may be verified. The digital signature of a document is a piece of information based on both the document and the signer’s private key. It is typically created through the use of a hash function and a private signing function (encrypting with the signer’s private key). Digital Signatures and hand – written signatures both rely on the fact that it is very hard to find two people with the same signature. People use public –key cryptography to compute digital signatures by associating something unique with each person. When public-key cryptography is used to encrypt a message, the sender encrypts the message with the public key of the intended recipient. When public -key cryptography is used to calculate a digital signature, the sender encrypts the “digital fingerprint” of the document with his or her own private key. Anyone with access to the public key of the signer may verify the signature.
Why Digital Signature:
Message authentication protects two parties who exchange messages from any third party. However it does not protect two parties against each other. Several forms of disputes between the two are possible.For example suppose that john sends an authenticated message to Mary,using one of the schemes.Following dispute that could arise :
Mary may forge a different message and claim that it can come from John.Mary would simply have to create a message and append an authentication code using the key that John and Mary share.
John can deny sending the message.Because it is possible for Mary to forge a message there is no way to prove that John did in fact send the message.
Both scenarios are of legitmate concern.Here is an example of the first scenario:An electronic fund transfer take place and the receiver increases the amount of fund transferred and claims that larger amount had arrived from the sender.An example of the second scenarios is that an electronic mail message contains instruction to a stockbroker for a transdaction that subsequently turns out badly.The sender pretend that the message never sent.
In situation where there is not complete trust between sender and receiver,something more than authentication is needed .The most attractive solution to this problem is the digital signature .The digital signature is analogus to the handwritten signature.
CONCLUSION
Digital signatures are difficult to understand. Digital signatures will be championed by many players that the public distrusts, including national security agencies, law enforcement agencies, and consumer marketing companies. Digital signatures will inevitably be associated with cards. Digital signatures will inevitably be associated with biometric identifiers.
As a result, it appears that digital technology is rapidly becoming pervasive, the public not find this comforting. They will demand explicit privacy protections, far more substantial than the weak and patchy regime that is presently in place. The protections are also quite inadequate, though promising in some respects. Successful implementation of digital signatures will require far more attention to privacy issues by policy-makers and business interests.
Nice
ReplyDeleteThanks
ReplyDelete