What is a Digital Signature and How Does it Work?
A digital signature is an encrypted electronic stamp used to authenticate digital data or information. It is created by computers using Public Key Cryptography (PKC), also called asymmetric cryptography, because it uses two kinds of keys to encrypt and decrypt the document. One is called the private key, and the other is called the public key.
Despite the complexity of the process of creating a digital signature, placing a digital signature on a document is as easy as signing it manually.
Here’s the flow of the whole encryption process:
– The process of applying a digital signature to a document starts with the sender choosing which document needs to be signed.
– The computer calculates the hash (the message that is converted to a long number).After the calculation, the hash is encrypted using the sender’s private key (also called the signing key) to create the digital signature.
– The original document is then sent to the recipient.
– When the recipient receives the document, his computer decrypts the digital signature using the sender’s public key.
– The computer also calculates the hash of the original message and compares it with the hash of the received message.
– If the document has been untampered from the time it was sent to the time it was received, the hashes will be the same.
– On the other hand, if the hashes are different, that means the document has been tampered with, the digital signature will fail, and the receiver will be informed that the document has been compromised.
What Security is Provided by Digital Signatures?
Digital signatures provide three types of security: authentication, integrity, and non-repudiation.
The digital signature serves as proof of the person who signed the document. No one can impersonate the sender because he alone has access to his or her private key.
The digital signature ensures that the document has not been tampered with nor altered during the transmission. If someone attempts to alter the document, the receiver’s computer will detect it because it will have a different hash than the original document.
The sender cannot deny that he is the author of the document because he alone has access to his private key. Conversely, no one can falsely claim that they authored a document signed by another person.
Digital Signatures and Certificate Authorities
As mentioned above, the receiver uses the sender’s public key to decrypt the message sent to him. However, before the receiver can use the public key, he needs a verification that it indeed belongs to the sender. That’s where the certificate authority (CA) comes in—it proves that the sender is indeed the owner of the public key.
The CA issues a digital certificate that contains the following data structure:
– The name of the sender
– The sender’s public key
– The name of the CA that issued the certificate
– Validity dates of the certificate (start and expiration)
– Other optional information, such as the type of documents and data for which it can be used
The Certificate Authority has both a private and public key, which are used to sign the above data structure so that no one can alter or modify it.
There are many types of CAs all over the world. They can be industry-based, enterprise-based, national-based, or public. Public CAs might be liable for their certificates, such as following the procedures they declared when they register users for digital certificates.
Certificate authorities also operate on different levels of security based on the area they are in. In some places like the EU, CAs must comply with certain minimum standards to be certified. These standards are needed to ensure that the operations and processes are secure.