As one of the best ways to secure information, digital signatures have simplified secure communication between individuals, businesses and even government institutions. At the very core of digital signature processing and verification is security, encryption and the use of algorithms. This makes digital signatures not just highly useful but also quite difficult for the average person to understand and use. If you have ever wanted to make use of a digital signature, you should find the information in this article very valuable.
Precisely defined, a digital signature is a mathematical technique that is used to validate the authenticity of a message, digital document or software product. It is in essence the digital equivalent of a hand-written signature but with much more security.
Digital signatures are created to solve the problem of tampering with digital communication as they provide assurances of the origins of the document, the identity of the originator and the informed consent by the signer. They hold the same legal status as hand-written signatures in most countries.
A typical digital signature consists of three algorithms. The first is the key generation algorithm. This algorithm selects a private key from a random set of possible private keys and provides a private key and a corresponding public key. These keys are linked mathematically. The second algorithm the signing algorithm produces a signature from the private key and a message. The third algorithm, the signature verifying algorithm when presented with the message, public key and the signature will either accept or reject the message's authenticity. For a digital signature to be valid, it should be impossible to generate a valid signature for a party that doesn't possess the private key.
As we have already seen, a digital signature is based on public key cryptography. A user can generate two keys that are mathematically linked; a public and a private key. A digital signature is created when a signing program creates a one-way hash of the electronic data to be signed. The user then uses the private key to encrypt the hash. This encrypted has along with other information is what is called a digital signature. Encrypting the hash instead of the entire message or document is done because a hash function can convert an input into a fixed length value which is usually much shorter than the entire message and thus saves time since its much faster than signing.
This fixed-length value is unique to the hashed data which means that even a single change such as deleting or adding a single character may result in a different value. This uniqueness makes it easy for others to validate the integrity of the data using the public key that decrypts the hash. If the decrypted hash matches a second has of the same data it means that the information has not changed since it was signed. If it doesn't, it means that the data was somehow compromised since the signature created with a private key doesn't correspond to the public key presented by the signer.
So essentially, a digital signature is created at the source when the key algorithm generates the public and private keys. The private key is used to encrypt the one-way hash crated by the signing software. The public key will then be used by the signer to decrypt the hash function and authenticate the information. If the hash function sent by the originator (the private key) corresponds to the one decrypted by the signer (the public key), the data is verified as authentic.
The cost of generating a digital signature will vary for many reasons. First, the signing software you choose to get the digital signature certificate will determine how much you pay. Also, the type or class of digital signature certificate you wish to purchase will also affect the price of the digital signature. For instance, a person seeking a Class 3 digital signature certificate will have to pay more than a person seeking a class 1 digital signature certificate. The pricing is also affected by the duration you wish to hold the certificate. But in general, the price will range from about $500 to upwards of $2000 depending on the factors we've outlined above.
If you still have some pressing questions about digital signatures and how they work, the following list of FAQs should be of further assistance.
The Public Key Infrastructure (PKI) is a term used to describe a set of laws, roles and policies that are required for the creation, management, distribution, usage, storage and sometimes revocation of public keys that are the essence of secure data exchanges via a network such as the internet. While data may still be encrypted with PKI, there would be no assurance of the identity of the other party. Therefore, any form of sensitive data that is exchanged over the internet requires PKI for security.
Digital certificates are at the heart of PKI since the identity of the originator of the information is affirmed and bound to the identity of the public key contained in the certificate.
A Certificate Authority is an entity that issues an electronic document that are used to verify the digital identity of an entity- business or individual. These documents are often referred to as electronic certificates and are an essential part of secure communications, playing an important role in the public key infrastructure (PKI). A typical electronic certificate will often contain the owner's public key, the certificate's expiration date and any other information that may be used to identify the owner.
A digital signature certificate is an electronic identification document that allows an individual, business, computer or organization to exchange information securely over the internet using the Public Key Infrastructure (PKI). Also referred to as a Public Key certificate, a digital certificate is issued by a Certificate Authority. Just like a passport od driver's license it provides identifying information and is just as forgery resistant since it is issued by a trusted agency.
A digital certificate contains the name of the holder, a serial number, an expiration date for the certificate and a copy of the holder's public key. A digital certificate is only genuine and valid if it is signed by a root certificate belonging to a trusted Certificate Authority.
Digital signatures are legally binding as long as some key factors are addressed both before and during the signing and verification process. To begin with, signers have to prove their identity for the document being signed to be considered legally binding. In other words, the signer can use the public key to confirm the identity of the originator of the document for the signature to be legally binding. It is also very important that the signer understand that they are signing a legal document. This must be done through legal disclosure and consent to ensure the legality of the document being signed.
It also very important to ensure that the signer is aware that the document they are signing is legally binding. The document being signed must also be protected from tampering. Ensure that the both the private key and the public key are secure and only in the hands of the signing parties. The ESIGN act passed in 2000, ensures that electronic and digital signatures are legally binding.
As compared to other ways of signing and authenticating information, a lot goes into ensuring the security of digital signatures. The different algorithms used to create the public and private keys, encrypt the has function using the private key and the decrypt it using the public key ensure the safety and security of the document. A person is only able to gain access to and verify the information if they are in possession of the public key to decrypt the message. The fact that the two unique keys only correspond to one another further bolsters the security of digital signatures. Digital signature certificates are also quite secure since they are the equivalent of other identifying documents like passports and Driver's license.
With all they have to offer, digital signatures may not be the ideal solution for all. If you want to make a more informed decision on whether to choose digital signatures or not, the following breakdown of its advantages and disadvantages should help.
Advantages of Digital Signatures
Disadvantages of Digital Signatures
Still get confused or have more suggestions? Leave your thoughts to Community Center and we will reply within 24 hours.