How to Implement Digital Signature ?
Digital Signature
A digital signature is a technique used to validate the authenticity and integrity of a message, software or digital document. As the digital equivalent of a handwritten signature or stamped seal, a digital signature provides far better security, and it is intended to solve the problem of tampering and impersonation in digital communications.
In other words, the digital signature is an authentication mechanism that enables the creator of the message to attach a code that acts as a signature.
Digital signature Vs Electronic signature?
An electronic signature is an electronic symbol attached to a contract or other record, used by a person with an intent to sign. In contrast, digital signature guarantee that an electronic document is authentic.
Electronic Signature: An electronic signature, or e-signature, refers to data in electronic form, which is logically associated with other data in electronic form and which is used by the signatory to sign. This type of signature provides the same legal standing as a handwritten signature as long as it adheres to the requirements of the specific regulation it was created under
Digital Signature: A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature gives a recipient a very strong reason to believe that the message was created by a known sender and that the message was not altered in transit .[1]
How digital signatures work?
Digital signatures are based on public-key cryptography, also known as assymetric cryptography . Using a public key algorithm, one can generate public and private keys that are linked to each other.
Digital signatures work because public key cryptography depends on two mutually authenticating cryptographic keys. The individual who is creating the digital signature uses their own private key to encrypt signature-related data and the only way to decrypt that data is with the signer’s public key. This is how digital signatures are authenticated.
Digital signature technology requires all the parties to trust that the individual creating the signature has been able to keep their own private key secret. If by any chance someone else gets access to signer’s private key, then they can create fraudulent digital signatures in the name of the private key holder.
Steps to generate Public and Private key :
Let’s see how to generate and implement digital signature
a) Command to Generate Private key:
|
1 |
>openssl genrsa -aes256 -out rsa.private 2048 |
The above command generates a private key “rsa.private”. Once executed successfully you should see below output.
b) Command to Generate Public key:
|
1 |
>openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM |
The above command generates a public key named “rsa.public”. Once executed successfully you should see below output.
c) Generate Self-signed certificate using Private key
|
1 |
>openssl req -new -x509 -days 365 -key SelfSignedCA.key -out SelfSignedCA.cer |
Once executed successfully you should see below output.
What’s the process of applying the Digital Signature
Step1: When we process the document for digital signature, a unique fingerprint (called a hash) of the document is created using a mathematical algorithm (SHA, MD5 etc). This hash is specific to this particular document; even the slightest change to the document would result in a different hash.
Step2: The hash is encrypted using the signer’s private key. The encrypted hash and the signer’s public key are combined into a digital signature, which is appended to the document.
Step3: The digitally signed document is ready for distribution.
Verifying the Signature
- When you open the document in a digital signature-capable program (Adobe Reader, Microsoft Office), the program automatically uses the signer’s public key and it was included in the digital signature with the document to decrypt the document hash.
- The program calculates a new hash for the document. If this new hash matches the decrypted hash from Step 1, the program knows the document has not been altered and displays messaging alone the lines of, “The document has not been modified since this signature was applied.”
Digital certificate
A digital certificate, an electronic document that contains the digital signature of the issuing certificate authority, binds together a public key with an identity and can be used to verify that a public key belongs to a particular person or entity.
Classes of digital certificate
There are three different classes of Digital Signature Certificates:
Class 1 Certificate:
Class 1 certificate provides a basic level of security and is used in environments with a low risk of data compromise. It cannot be used for legal business documents as they are validated based only on an Email ID and Username.
Class 2 Certificate:
Class 2 digital signatures authenticate a signee’s identity against a pre-verified database. Class 2 digital signatures are used in environments where the risks and consequences of data compromise are moderate. Mostly used for e-filing of tax documents, including income tax returns and Goods and Services Tax (GST) returns.
Class 3 Certificate:
Class 3 digital signatures are used for e-auctions, e-tendering, e-ticketing, court filings and in other environments where threats to data or the consequences of a security failure are high.
The highest level of digital signatures. Class 3 signatures require a person or organization to present in front of a certifying authority to prove their identity before signing.
Keep Learning, Thanks for reading !!!
