Digital Signature
INTRODUCTION
Why Signatures?
- Authenticates who created a document
- Adds formality and finality
- In many cases, required by law or rule
Digital Signatures
- Not simply a typed name or an image of a handwritten signature
- Based on public-key cryptography
- Bound to a specific digital document
Digital Signature
- Digital signatures can be used in all electronic communications: Web, e-mail, e-commerce
- A signature is an electronic stamp or seal appended to the document.
- It lets the receiver check that the document was not changed in transit.
Digital Signature
Digital Signature: a special signature for signing electronic correspondence, produced by applying the sender's private key to the message digest (in RSA terms, "encrypting" the digest with the private key).
Message Digest: a fixed-length value computed from the whole message content by a cryptographic hash function. It represents the message, not a key; any change to the message produces a different digest.
Digital Signature
A digital signature's main function is to verify that a message or document in fact comes from the claimed sender. This is called authentication.
When making a digital signature, a cryptographic hash function is generally used to construct the message digest.
A hash function is an algorithm that converts a message of any length into a fixed-length string of bits (for example 160 or 256 bits), called a message digest. Once the message digest is signed with the sender's private key, the result is the digital signature.
How does a digital signature work?
User A: uses A's private key to sign the document
Transmit via the Internet
User B: receives the document with the signature attached and verifies the signature with A's public key, stored in the directory
Digital Signature Generation and Verification
Message sender:
  Message -> Hash function -> Digest -> Encryption with Private Key -> Signature
Message receiver:
  Message -> Hash function -> Digest
  Signature -> Decryption with Public Key -> Expected Digest
  Compare Digest with Expected Digest: equal means the signature is valid
Key Management
- Private keys are password-protected (stored encrypted under a passphrase).
- If someone wants your private key:
  - They need the file that contains the key
  - They need the passphrase for that key
- If you have never written down your passphrase or told anyone, it is very hard to obtain
- Caveat: once the key file is stolen, the passphrase can be guessed offline, so it must be strong; a short or common passphrase does not protect the key
Digital Certificates
- A digital certificate is data carrying the digital signature of a trusted Certification Authority (CA).
- This data contains:
  - Who owns this certificate (the subject) and the subject's public key
  - Who signed this certificate (the issuer)
  - The expiry date
  - User name & e-mail address
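The generation and verification flow from the earlier slides (hash the message, sign the digest with the private key, recover the expected digest with the public key and compare) together with the certificate model on this slide, worked through as one runnable Python example. This is an added illustration, not code from the original slides. It uses textbook RSA with toy 512-bit keys and an unpadded digest, which is insecure in practice: real systems use PKCS#1 v1.5 or PSS padding through a vetted library (for example OpenSSL or Python's `cryptography` package). The function names `generate_keypair`, `sign`, `verify`, `issue_certificate` and `verify_certificate`, the "Toy CA" issuer, the subjects, messages and dates are all assumptions made up for this example.

```python
"""Toy hash-and-sign digital signatures plus a CA-signed certificate.

Textbook RSA without padding, only to illustrate the slides.
Do not use for real data: use a library with PKCS#1 v1.5 / PSS padding.
"""
import hashlib
import json
import random


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    """Random prime with exactly `bits` bits (top bit and low bit forced to 1)."""
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 512):
    """Return ((n, e), (n, d)): public key and private key (toy sizes)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))   # pow(e, -1, m) needs Python 3.8+


def message_digest(message: bytes) -> int:
    """Fixed-length SHA-256 digest of the whole message, as an integer (< n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender: 'encrypt' the digest with the private key (n, d)."""
    n, d = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver: 'decrypt' the signature with (n, e) to get the expected digest,
    hash the received message again, and compare the two digests."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message)


def _encode_body(body: dict) -> bytes:
    # Canonical encoding so issuer and verifier hash exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(ca_private_key, subject, email, subject_public_key, expires):
    """The CA binds a subject's public key to its name and signs that binding."""
    body = {"subject": subject, "email": email, "issuer": "Toy CA",  # hypothetical CA
            "public_key": list(subject_public_key), "expires": expires}  # ISO date
    return {"body": body, "signature": sign(_encode_body(body), ca_private_key)}


def verify_certificate(cert: dict, ca_public_key, today: str) -> bool:
    """Valid only if the CA's signature checks out and the cert is unexpired."""
    if not verify(_encode_body(cert["body"]), cert["signature"], ca_public_key):
        return False
    return today <= cert["body"]["expires"]   # ISO dates compare correctly as text


def demo() -> dict:
    """CA certifies Alice; Bob checks the certificate, then Alice's signature."""
    ca_public, ca_private = generate_keypair()
    alice_public, alice_private = generate_keypair()
    cert = issue_certificate(ca_private, "Alice", "alice@example.test",
                             alice_public, "2030-01-01")
    message = b"Transfer 100 to account 42"        # constructed sample message
    signature = sign(message, alice_private)
    key_from_cert = tuple(cert["body"]["public_key"])
    # Attacker re-binds Alice's key to another name without the CA's signature.
    forged = {"body": dict(cert["body"], subject="Mallory"), "signature": cert["signature"]}
    return {
        "cert_valid": verify_certificate(cert, ca_public, "2025-06-01"),
        "cert_expired_rejected": not verify_certificate(cert, ca_public, "2031-01-01"),
        "forged_cert_rejected": not verify_certificate(forged, ca_public, "2025-06-01"),
        "signature_valid": verify(message, signature, key_from_cert),
        "tampered_message_rejected": not verify(b"Transfer 1000 to account 42", signature, key_from_cert),
        "wrong_key_rejected": not verify(message, signature, ca_public),
    }


if __name__ == "__main__":
    print(demo())
```

Every entry returned by `demo()` is `True`: the valid certificate and signature are accepted, while an expired certificate, a certificate whose body was altered after signing, a modified message and a signature checked against the wrong public key are all rejected, which is exactly the authentication and integrity guarantee the slides describe.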
Certification Authority (CA)
- A trusted agent who certifies public keys for general use (for example a corporation or a bank).
- The user has to decide which CAs can be trusted.
- The model for key certification based on friends and friends of friends is called the "Web of Trust": public keys are passed and vouched for from friend to friend. It works well in small or highly connected communities.
Public Key Infrastructure (PKI)
- PKI is a system that uses public-key cryptography and digital certificates to provide secure Internet services.
- There are 4 major parts in a PKI:
  - Certification Authority (CA)
  - A directory service (publishes certificates and public keys)
  - Services, banks, web servers
  - Business users
PKI Structure
Certification Authority <-> Directory services
User <-> Services, banks, web servers
Each party holds its own public/private key pair
4 key services
- Authentication (digital certificate): to confirm that a user who claims an identity really is that user, before granting access to a resource.
- Non-repudiation (digital signature): to make the user unable to deny having sent the message, signed the document or participated in a transaction.
- Confidentiality (encryption): to keep the transaction private so that no one other than the communicating parties can read it.
- Integrity (hashing and digital signature): to ensure the information has not been tampered with during transmission. Encryption alone does not detect tampering; the signed digest does.
THANK YOU