Shubham Sharma

Digital signature & PKI Infrastructure

Page 1: Digital signature & PKI Infrastructure

Shubham Sharma

Page 2: Digital signature & PKI Infrastructure

Common Myths

• Username and Password are the only things in a Digital Signature.

• Any electronic document is a valid document; it need not be signed because it is computer generated.

• Digital Signatures are for personal use and can't be produced in court for perusal.

Page 3: Digital signature & PKI Infrastructure

Why Digital Signatures?

To provide Authenticity, Integrity and Non-repudiation to electronic documents.

Page 4: Digital signature & PKI Infrastructure

What is a Digital Signature?

• A digital code attached to an electronically transmitted document to verify its contents and the sender's identity.

• The digital signature of a person therefore varies from document to document, thus ensuring the authenticity of each word of that document.

Page 5: Digital signature & PKI Infrastructure

Symmetric/Asymmetric Encryption

• Symmetric encryption uses the identical key to both encrypt and decrypt the data.

Page 6: Digital signature & PKI Infrastructure

Asymmetric

• Two related keys (public and private) for data encryption and decryption.

• The private key is never exposed.

• Takes away the security risk of key sharing.

Page 7: Digital signature & PKI Infrastructure
Page 8: Digital signature & PKI Infrastructure

Signed Messages

Sender:

• Compute the Hash of the Message.

• SIGN the hash with the Sender's Private key; the result is the Signature.

• Send the Message + Signature through the Internet.

Receiver:

• Compute the Hash of the received Message (the Calculated Hash).

• Decrypt the Signature with the Sender's Public Key to recover the hash the sender signed.

• COMPARE the two hashes; if they match, OK: the Signature is verified.

Page 9: Digital signature & PKI Infrastructure
Page 10: Digital signature & PKI Infrastructure

PIN Protected Soft Tokens

• The private key is encrypted and kept on the hard disk in a file; this file is password protected.

• Forms the lowest level of security in protecting the key, as:

  • the key is highly reachable;

  • the PIN can be easily known or cracked.

Page 11: Digital signature & PKI Infrastructure

Smart Cards

• The private key is generated in the crypto module residing in the smart card.

• The key is kept in the memory of the smart card.

• The key is highly secured as it doesn't leave the card.

• The message digest is sent inside the card for signing, and only the signature leaves the card.

Page 12: Digital signature & PKI Infrastructure

Hardware Tokens

They are similar to smart cards in functionality, as:

• The key is generated inside the token.

• The key is highly secured as it doesn't leave the token.

• Highly portable.

• Machine independent.
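The signing flow of Page 8 and the card/token boundary of Pages 11 and 12, as an added Go example that is not part of the original slides. The `token` type is a constructed model of a smart card or hardware token, not a driver for any real device: the key pair is generated inside it, the private key is never returned, and the only operation offered to the application is signing a 32-byte digest. The sender code therefore depends only on Go's `crypto.Signer` interface, so a PIN-protected soft token, a smart card or an HSM could stand behind it without changing the caller. The message text is constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
)

// token is a constructed stand-in for a smart card or hardware token: the key pair is
// generated inside, the private half is unexported, and the only operation reachable
// from outside is Sign on a digest. It is a model, not a driver for any real device.
type token struct {
	priv *ecdsa.PrivateKey
}

// Compile-time check that token satisfies the standard signing interface.
var _ crypto.Signer = (*token)(nil)

func newToken() (*token, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &token{priv: priv}, nil
}

// Public is the only part of the key pair that ever leaves the token.
func (t *token) Public() crypto.PublicKey { return &t.priv.PublicKey }

// Sign takes the message digest in and returns the signature; the message itself never
// enters the token, and an input that is not a SHA-256 digest is refused.
func (t *token) Sign(r io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error) {
	if len(digest) != sha256.Size {
		return nil, fmt.Errorf("token: expected %d-byte digest, got %d", sha256.Size, len(digest))
	}
	return ecdsa.SignASN1(r, t.priv, digest)
}

// signMessage is the sender side of the slide: hash the message, send the hash into the token.
func signMessage(s crypto.Signer, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return s.Sign(rand.Reader, h[:], crypto.SHA256)
}

// verifyMessage is the receiver side: recompute the hash of the received message and check
// the signature against it with the sender's public key (the COMPARE step of the slide).
func verifyMessage(pub crypto.PublicKey, msg, sig []byte) bool {
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if !ok {
		return false
	}
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(ecPub, h[:], sig)
}

func main() {
	tok, err := newToken()
	if err != nil {
		panic(err)
	}
	msg := []byte("Pay 100 to account 42") // constructed sample message
	sig, err := signMessage(tok, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("original verifies:", verifyMessage(tok.Public(), msg, sig))
	fmt.Println("altered verifies: ", verifyMessage(tok.Public(), []byte("Pay 900 to account 42"), sig))
}
```

Changing a single character of the message changes its hash, so the receiver's COMPARE step fails and the signature no longer verifies; a signature also fails to verify under any public key other than the sender's, which is what ties the document to one signer.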

Page 13: Digital signature & PKI Infrastructure

Different Classes of Digital Signatures

• Class 0: Issued only for demonstration/test purposes.

• Class 1: Confirms the user's name and e-mail address.

• Class 2: Issued for use by both business personnel and private individuals. The information in the application provided by the subscriber does not conflict with the information in well-recognized consumer databases.

• Class 3: Issued to individuals as well as organizations. High-assurance certificates, issued to individuals only on their personal (physical) appearance before the Certifying Authority.

Page 14: Digital signature & PKI Infrastructure

Liabilities

The digital signature scheme also has some (possible) liabilities:

• Both participants must trust the identity of each other. Thus, certificates issued by some certification authority are needed.

• Both the sender and the receiver have to agree in advance which cryptographic algorithms they support.

Page 15: Digital signature & PKI Infrastructure

Public Key Infrastructure (PKI)

Page 16: Digital signature & PKI Infrastructure

Public Key Infrastructure

• Certifying Authority (CA): a trusted agency is required which certifies the association of an individual with the key pair.

• Public key certificate (PKC): this association is established by the CA issuing a certificate to the user.

• All public key certificates are digitally signed by the CA.

Page 17: Digital signature & PKI Infrastructure

Certifying Authority

• The Controller is the Root Certifying Authority responsible for regulating Certifying Authorities (CAs).

• A CA must be widely known and trusted.

• A CA must have a well-defined identification process before issuing the certificate.

• A CA certifies the association of an individual with his public key.

• Provides online access to the list of certificates revoked.

• Displays online the license issued by the Controller.

Page 18: Digital signature & PKI Infrastructure

IDRBT Certificate (sample shown in paper and electronic form)

Page 19: Digital signature & PKI Infrastructure

Public-Key Certification

Key pair Generation (at the user): a Private key, which stays with the user, and a Public key.

Certificate Request (user to CA): User Name and User's Public Key.

User Certificate, signed by using the CA's private key, contains:

• User Name & other credentials

• User's Public key

• User's Email Address

• CA's Name

• Validity

• Certificate Class

• Serial No.

• Digital Signature of CA

Publish Certificate: the CA stores the certificate in its Certificate Database and publishes it on the Web site of the CA (User 1 certificate, User 2 certificate, ...), alongside the License issued to the CA by the CCA.

Page 20: Digital signature & PKI Infrastructure
Page 21: Digital signature & PKI Infrastructure

CAs of India

• There are only 6 Certificate Authorities:

1. Safescrypt

2. iTrust (IDRBT)

3. National Informatics Centre (NIC)

4. Tata Consultancy Services

5. (n)Code Solutions

6. e-Mudhra

• There is only one Root Certificate Authority: the Root Certifying Authority of India (RCAI).

Page 22: Digital signature & PKI Infrastructure

Tragedy!!

Page 23: Digital signature & PKI Infrastructure

Battle is ON!!

Page 24: Digital signature & PKI Infrastructure

DEMO Steps

• Download and install Gpg4win (supports Outlook).

• Download and install Thunderbird.

• Add the Enigmail extension (adds OpenPGP message encryption and authentication to your Thunderbird client).

• Create your key pair.

• Encrypt/Sign on the go!!

Page 25: Digital signature & PKI Infrastructure

Would like to hear from you!!

Thank You!!

[email protected]