Digital Signature

From Wikiversity
Hard drives store information in binary form, and digital media can be copied and altered without leaving evidence of the alteration on the storage device.

Digital media is any media that is encoded in a machine-readable format.[1] Digital media can be created, viewed, distributed, modified and preserved on digital electronic devices. When digital media is exchanged, the recipient must be able to check that the content has not been changed since the author of the message/content submitted it.

Combined with the Internet and personal computing, digital media has caused disruption in publishing, journalism, entertainment, education, commerce and politics. Trust in authenticity is the main driver for the introduction of digital signatures.

A digital signature can be understood as a list of symbols, created for a piece of digital media, that forms its signature.

The following example shows a short e-mail with a digital signature (digital signatures in real applications are much longer).

Message: We will meet at 11:30, Bert
Digital Signature: hkadSZe839JSd9wJSDj3h723499bdadhSSHFDLnS
Validation: valid

The author uses his or her private key to sign the message, i.e. to create the digital signature. The author's public key is available to everyone, in particular to the recipient of the message. The recipient validates the integrity of the message with the public key.

Assume someone changed the message of the e-mail (replacing the time 11:30 with 10:00).

Message: We will meet at 10:00, Bert
Digital Signature: hkadSZe839JSd9wJSDj3h723499bdadhSSHFDLnS
Validation: not valid

Remark: A real digital signature consists of many more characters. The example only illustrates the basic principles of a digital signature.

Definition

Create Public-Private Key Pair - modified SVG by user:Bananenfalter
Sign Message with Private Key of Sender
Encrypt Message with Public Key of Recipient

A digital signature is a mathematical scheme for demonstrating the authenticity of digital messages or documents. A valid digital signature gives a recipient reason to believe that the message was created by a known sender (authentication), that the sender cannot deny having sent the message (non-repudiation), and that the message was not altered in transit (integrity).

Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution, financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering.

Workflow

  • (Create Key Pair) Generate a public-private key pair (see OpenPGP Solutions for all Operating Systems),
  • (Publish Public Key) Publish the public key on a key-server of your institution or web-service that hosts a database of public keys,
    • (Public Key Server WITH Passport Authentication): the publication of your public key may require authentication with your passport before the public key can be accessed by the public from the keyserver. The user who generated the key pair and created a publication request on the keyserver for his/her public key approaches the IT service unit (e.g. computer science centre) and signs a paper-and-pencil form stating the institutional regulations on private key protection and on the cryptographic use for institutional workflows. This could be the last paper-and-pencil action performed by the user. From now on the paper-and-pencil signature can be replaced by a digital signature. It is recommended to combine the institutional step of publishing the public key with security information about the responsibility for using and storing the private key.
    • (Public Key Server WITHOUT Passport Authentication): the public key will be available immediately after the publication request and can be accessed by the public. This public key can be used for cryptographic message exchange, but not for formalized institutional processes.

Remark: If the formal process of "passport authentication before publication of public key" is not stated on the public key server, then public keys should be used under the assumption that this formal process was not established at the institution. Always inform yourself about internal institutional procedures and the legal conditions under which the public-private key infrastructure can be used.


Example public key server: see e.g. the public keyserver of MIT (Massachusetts Institute of Technology).

Further reading

  • J. Katz and Y. Lindell, "Introduction to Modern Cryptography" (Chapman & Hall/CRC Press, 2007)
  • Stephen Mason, Electronic Signatures in Law (4th edition, Institute of Advanced Legal Studies for the SAS Digital Humanities Library, School of Advanced Study, University of London, 2016). ISBN 978-1-911507-00-0.
  • Lorna Brazell, Electronic Signatures and Identities Law and Regulation (2nd edn, London: Sweet & Maxwell, 2008).
  • Dennis Campbell, editor, E-Commerce and the Law of Digital Signatures (Oceana Publications, 2005).
  • M. H. M Schellenkens, Electronic Signatures Authentication Technology from a Legal Perspective, (TMC Asser Press, 2004).
  • Jeremiah S. Buckley, John P. Kromer, Margo H. K. Tank, and R. David Whitaker, The Law of Electronic Signatures (3rd Edition, West Publishing, 2010).
  • Digital Evidence and Electronic Signature Law Review (free, open source)

References

  1. "Digital Media". Technology Brief. University of Guelph. September 2006. Retrieved 28 March 2014.