What is a Digital Signature?
Message and Message Digest
- The document to be signed is called the message.
- The fingerprint of the document is called the message digest.
- To preserve integrity, a hash function is applied to the message to create the message digest (the fingerprint).
Message Authentication Code (MAC)
- A digest created with a hash function is also called a modification detection code (MDC).
- An MDC uses a keyless hash function.
- To provide authentication as well, a message authentication code (MAC) is used.
- A MAC uses a keyed hash function, i.e. a symmetric key shared between the sender's and receiver's sites.
A MAC (Message Authentication Code) provides message integrity and message authentication, but it needs a symmetric key established between sender and receiver. A digital signature, on the other hand, uses a pair of asymmetric keys.
A valid digital signature lets the receiver know that the message comes from the authentic sender and has not been altered in transit.
What is a Signature?
We sign a document to show that it is approved by us or created by us. The signature is proof to the recipient that the document comes from the correct source; in other words, the signature on the document means the document is authentic.
When A sends a message to B, B needs to check the authenticity of the message and confirm that it comes from A and not from C. So B can ask A to sign the message electronically. The electronic signature that proves the identity of A is called a digital signature.
Conventional Signature vs Digital Signature
| Conventional Signature | Digital Signature |
|---|---|
| A conventional signature is part of the document. For example, when we sign a cheque the signature is on the cheque itself, not on a separate document. | A digital signature is not part of the document. The sender sends two items: the message and the signature. |
| To verify a conventional signature, the recipient compares the signature on the document with the signature on file, so the recipient needs to keep a copy of the signature on file for comparison. | To verify a digital signature, the recipient applies a verification technique to the combination of the message and the signature. No copy of the signature is stored anywhere. |
| One-to-many relationship between signature and documents: the same signature is used on many documents. | One-to-one relationship between message and signature: every message has its own signature. |
| A copy of a signed document can be distinguished from the original on file. | No such distinction can be made unless there is a time factor (timestamp) on the document. |
- A digital signature needs a public-key system. The sender uses its private key to sign a document and the verifier uses the sender's public key to verify it.
Cryptography vs Digital Signature
- A cryptosystem uses the private and public keys of the receiver.
- A digital signature uses the private and public keys of the sender.
Process of Digital Signature
- Signing the document
- Signing a digest
Signing the document
- The sender signs by "encrypting" the whole document with its private key.
- The receiver verifies by "decrypting" the result with the sender's public key.
Signing a digest
- Using public-key algorithms is very inefficient for long messages. The solution is to sign a digest of the message instead.
- A message digest has a one-to-one relationship with its message.
- A digest is created from the message at the sender's site.
- The digest then goes through the signing process using the sender's private key.
- The sender then sends the message and the signature to the receiver.
- At the receiver's site, the same public hash function is used to create a digest from the received message.
- The verification process then determines whether the signature is authentic.
Features of Digital Signature
Message integrity is preserved by using the hash function in the signing and verifying algorithms.
Message authentication: the message is verified using the public key of the sender. When A sends a message to B, B uses A's public key for verification; a signature created with C's private key cannot be verified with A's public key.
Message non-repudiation: to provide non-repudiation, a trusted third party (trusted center) is needed.
- A creates a signature from the message and sends the message (intended for B) and the signature to the trusted center.
- The center validates A's public key and verifies that the message comes from A.
- The center saves a copy of the message together with the sender identity, the receiver identity, and a timestamp.
- The center uses its own private key to create a new signature.
- The center sends the message, the new signature, A's identity, and B's identity to B.
- B verifies the message using the public key of the trusted center.
In the future, if A denies having sent the message, the center can show the saved copy of the message.