Date: 14 Apr 2009 Group: Computers Category: Software
What is a Digital Signature?
What does it contain, what are the algorithms used, who can use it, and what are its drawbacks and benefits?
|Author: Baji Babu 16 Apr 2009 Member Level: Silver Points : 2 Voting Score: 0|
A digital signature or digital signature scheme is a type of asymmetric cryptography. For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes in the sense used here are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid nonetheless. Digitally signed messages may be anything representable as a bitstring: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol.
|Author: gopi 16 Apr 2009 Member Level: Silver Points : 1 Voting Score: 0|
A digital signature is a type of security concept in which cryptographic technologies are involved. That a particular piece of software or a website is digitally signed means that it is authorised to use without any fear of spammers.
|Author: Rajesh 16 Apr 2009 Member Level: Gold Points : 2 (Rs 2) Voting Score: 2|
A digital signature is the electronic form of a written signature. It is used to validate the identity of the sender who has sent a signed agreement through mail. This will ensure that the content of the matter is original and has been read and agreed to by the sender. This will also ensure that the original content sent by the sender reaches the receiver without any changes or distortion.
A digital signature can be used with any type of message, and it can also be encrypted so that it is not visible to all. A digital certificate contains the digital signature of the certificate issuing authority so that anyone can verify that the certificate is real. A digital signature cannot be duplicated or imitated by anyone as it comes with a timestamp.
|Author: Ajay Kumar 18 Apr 2009 Member Level: Gold Points : 1 Voting Score: 0|
A unique address that identifies every network and host on the Internet. (A host is defined as the TCP/IP network interface within the computer, not the computer itself)
|Author: Shampa Ray Barman 18 Apr 2009 Member Level: Gold Points : 2 Voting Score: 0|
A digital signature is an electronic artifact that attests that an electronic message, in the form it was signed, was authenticated by a person with "sign" authority under the private key used to create the signature. Any person who has access to the signer's public key can recover the plaintext of the signature and compare that plaintext to the declared hash of the underlying message. To use PGP as an example, a signer begins by creating a linked pair of keys. One is kept private. The other is disseminated to the world at large. The signer creates a message and passes it to the PGP-sign module. PGP computes an MD5 hash of the message. A hash is an "irreversible" artifact that looks like a great deal of gibberish, and so it is. Its characteristic is that it is believed to be impractical to find any two messages that would have the same hash. Even a tiny change in the message produces a big change in the hash. Then the hash is encrypted using the signer's private key.
|Author: Baji Babu 20 Apr 2009 Member Level: Silver Points : 0 Voting Score: 0|
A digital signature functions for electronic documents like a handwritten signature does for printed documents. The signature is an unforgeable piece of data that asserts that a named person wrote or otherwise agreed to the document to which the signature is attached.
A digital signature actually provides a greater degree of security than a handwritten signature. The recipient of a digitally signed message can verify both that the message originated from the person whose signature is attached and that the message has not been altered either intentionally or accidentally since it was signed. Furthermore, secure digital signatures cannot be repudiated; the signer of a document cannot later disown it by claiming the signature was forged.
In other words, digital signatures enable "authentication" of digital messages, assuring the recipient of a digital message of both the identity of the sender and the integrity of the message.
|Author: a deepan raj 20 Apr 2009 Member Level: Silver Points : 1 Voting Score: 0|
What's in your wallet? Chances are you have at least two or three items which identify you in some way: a driver's license, registration, ATM cards, credit cards, Medicare card.
We're used to carrying around ID, it's no big deal. But how do you identify yourself on the Net?
Anyone who's spent any time in a chat room, MUD or newsgroup will know that the Internet is full of people who are faking it. You've probably done it yourself: assumed an identity, or given incomplete or inaccurate information, when forced to fill in a form to qualify for a software download or access to a site.
Even more importantly, how do you identify companies on the Net? When you're about to whip out your credit card and order that new Tina Arena CD through an online music store, how do you know who you're dealing with on the other end of this supposedly 'secure' transaction?
Checking real-world bona fides
In the 'real world' we identify and judge companies we deal with by a combination of name, reputation and physical appearance.
If you see an advertisement in the paper for a brand new computer system with the works and the price seems too good to be true, you're likely to do some checking up on the advertiser. If it's a familiar name or a company that others vouch for, you'll be encouraged to think about buying. If the company's name is unfamiliar, you might still decide to go to the store and suss them out: does the store look rundown or well maintained, do the staff look professional, do they answer your questions knowledgeably and clearly, how long has the company been in business, who else appears to be shopping there?
None of these things will guarantee you a 'safe' buy, but they all contribute to your decision whether to entrust your business to the company.
Checking virtual bona fides
On the Net, there's no way to give a retailer the once over; all you have to go by is the company's name, the look of their Web site, and things you've heard from other customers.
The same goes for software publishers. The Web is overflowing with software downloads, and you'll frequently come across sites which offer to download a Java applet or ActiveX control to let you experience the latest gee-whiz effects. How can you know these 'freebies' are safe to unleash on your PC?
Enter digital certificates. A digital certificate, or digital ID, is used to prove who you are on the Internet.
Digital IDs can be issued to Web sites, software developers and individuals. You can be pretty sure that anyone who produces a valid digital ID is who they claim to be. Of course, while a digital ID verifies someone's identity, it says nothing about their character – something you need to establish for yourself.
Nevertheless, the requirements for getting a digital ID as an organisation engaged in electronic commerce are stringent enough that they give some assurance of the certificate holder being an established business. For software publishers, a combination of a digital ID and an Authenticode certificate not only verifies identity but also states the equivalent of "this code has not been tampered with and should not wreak havoc on your computer".
The basic personal digital ID requires nothing more than having a verifiable e-mail address. If people you deal with on the Net are finicky about who they're dealing with, you can get different classes of personal IDs, requiring either third-party proof of your name, address and other information right up to IDs which can only be obtained by appearing in person or presenting registered credentials.
What is a digital ID?
What, exactly, is a digital certificate? Technically, it's an electronic document which conforms to the International Telecommunications Union's (the international body that determines communications standards) X.509 specification.
In everyday terms, it's a document which typically contains the owner's name and public key, the expiration date of the public key, the serial number of the certificate, and the name and digital signature of the organisation which issued the certificate. The digital certificate binds together the owner's name and a pair of electronic keys (a public key and a private key) that can be used to encrypt and sign documents. (If you'd like to know how public key encryption works, see What is public key encryption?.)
What's to stop you from forging a digital certificate by combining your public key with someone else's identifying information? For instance, what prevents you from creating a bogus certificate in the name of the Australian Taxation Office?
This is the role of certificate authorities (CAs). These organisations are responsible for issuing, validating and revoking digital IDs. When you apply for a digital certificate, the CA checks your credentials and issues a certificate which they encode using their own private key. Anyone who wants to check the validity of your digital certificate can do so by decoding your certificate using the CA's public key, and then checking it against the certificate you've given them.
Of course, this means you need to be able to trust the CA, and that trust is based on the stringent requirements involved in becoming a CA. The most prominent CA at the moment is Verisign (www.verisign.com), although it is only one of a number of such authorities.
Do I need one?
Currently, there's no pressing need for you, as an individual, to have a digital ID. But that's due to change.
Recently, a group of the major financial players in the world of online commerce, including Visa (www.visa.com) and Mastercard (www.mastercard.com), have published a new protocol for SET – Secure Electronic Transactions. SET is designed to make online credit card transactions as secure as offline transactions and, once it's in place, many online merchants will insist you produce your digital ID before they'll do business with you. In fact, you'll need a separate digital ID for each credit card you use online.
It's not likely to stop there, either. Once online shopping makes digital IDs more commonplace, we'll probably see more Web sites using such certificates simply to check your ID. For instance, a single personal digital ID can be used instead of multiple user name/password combinations required to access different Web sites.
You'll also find more and more software developers, online shops and other sites providing their own digital IDs as surfers and consumers demand greater security on the Net.
While there's no need to rush out and get yourself a digital ID today, six months down the track you're likely to have a couple stored on your hard disk.
How do I get one?
You can get a digital ID from any of the CAs which provide personal digital certificates.
Usually the easiest way to get one is by using an application which supports digital signatures and encryption. For example, the latest versions of both Netscape Navigator (and Communicator) and Microsoft's Internet Explorer provide support for encryption and digital signatures, and each program offers an option to sign you up for a digital ID.
Safety's a chimera
No-one is making iron-clad guarantees about the privacy and security of online interactions. But with the introduction of new technology such as digital certificates, standards for e-mail encryption (such as S/MIME – Secure Multipurpose Internet Mail Extensions), and SET for electronic commerce, exchanging sensitive information online is becoming considerably less dicey.
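The hash-then-sign step from the PGP answer earlier in this thread and the certificate-authority check from the answer directly above, combined in one added example that is not part of any poster's reply. It uses textbook RSA without padding, SHA-256 in place of MD5, and constructed keys built from publicly known Mersenne primes; the names `alice` and `MALLORY` and all function names are assumptions for illustration.

```python
import hashlib, json

E = 65537  # public exponent shared by all toy keys

def make_key(a, b):
    """Toy RSA key from Mersenne primes 2^a-1 and 2^b-1: returns (n, d)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data):
    # SHA-256 is used here instead of the MD5 mentioned in the PGP answer
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, key):
    n, d = key
    return pow(digest(data), d, n)         # private-key operation on the hash

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data)  # recover the hash with the public key, compare

def encode(body):
    return json.dumps(body, sort_keys=True).encode()

def issue_cert(name, subject_n, issuer_key):
    # A certificate binds a name to a public key under the issuer's signature
    body = {"name": name, "public_key": format(subject_n, "x")}
    return {"body": body, "issuer_sig": sign(encode(body), issuer_key)}

def check(msg, sig, cert, ca_n, expected_name):
    body = cert["body"]
    if not verify(encode(body), cert["issuer_sig"], ca_n):
        return "bad certificate"           # not issued by the trusted CA
    if body["name"] != expected_name:
        return "wrong signer"
    if not verify(msg, sig, int(body["public_key"], 16)):
        return "bad signature"             # message altered or wrong key
    return "ok"

# Constructed keys from publicly known primes: fine for a demo, useless for security
CA, ALICE, MALLORY = make_key(521, 607), make_key(1279, 2203), make_key(2281, 3217)

def demo():
    msg = b"Pay Bob 100"
    cert = issue_cert("alice", ALICE[0], CA)
    sig = sign(msg, ALICE)
    forged = issue_cert("alice", MALLORY[0], MALLORY)  # self-issued, not by the CA
    return (check(msg, sig, cert, CA[0], "alice"),
            check(b"Pay Bob 900", sig, cert, CA[0], "alice"),
            check(msg, sign(msg, MALLORY), forged, CA[0], "alice"))
```

`demo()` returns the verdicts for the genuine message, a message altered after signing, and a certificate that pairs the name "alice" with someone else's key without the CA's signature.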
|Author: menakka 22 Apr 2009 Member Level: Silver Points : 2 Voting Score: 0|
A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.
A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.
|Author: Amit 28 Apr 2009 Member Level: Gold Points : 0 Voting Score: 0|
A digital signature or digital signature scheme is a type of asymmetric cryptography. For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes in the sense used here are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid nonetheless. Digitally signed messages may be anything representable as a bitstring: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol.
Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, and in the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear whether they are digital cryptographic signatures in the sense used here, leaving the legal definition, and so their importance, somewhat confused.
|Author: Shashikant Gupta 22 May 2009 Member Level: Gold Points : 2 Voting Score: 0|
A digital signature is a method / tool to assign your messages a unique code which is in encrypted format so that it ensures the confidentiality of the message while transmitting it over the internet. It assures two communicators that a message sent by the other has not been tampered with by any eavesdropper during its transmission over the network. (An eavesdropper is one who hacks the messages while in transit from the sender to the receiver.)