What is a digital signature?
As the name suggests, a digital signature is the digital equivalent of a handwritten signature or stamped seal. More specifically, a digital signature is a mathematical technique used to validate the authenticity and integrity of a message, document or software. Although it is an alternative to signing documents with pen and paper, it offers far more security by ensuring that there is no tampering or impersonation during digital communication.
Why are digital signatures used?
Authenticity and integrity are the core foundation of digital signatures. Because of these two principles, a digital signature is also considered a virtual fingerprint that is unique to the user; it identifies signers and ensures that there has been no distortion or alteration of the digital documents during transit.
In addition to signing digital documents, they can also be used in financial transactions or software distribution or any other areas where the authenticity and integrity of digital communications are critical.
They come with the added benefits of proof of origin, time, identity and status of an electronic document or transaction, as well as non-repudiation by the signer.
Principles of Digital Signatures
Digital signatures are based on the principle of Public Key Cryptography, which involves the usage of a pair of different keys, namely, a public key and a private key, which are used for encryption and decryption.
Encryption is the method of transforming readable data, known as plaintext, into a form that appears to be random and unreadable, known as ciphertext; in contrast, decryption is the method of transforming ciphertext back into readable data.
The private key is known only to the owner, whereas the public key can be known to everyone and is usually listed in directories and databases of e-mail addresses. The public key and private key are mathematically related and thus can be used to encrypt and decrypt data; that is, if the public key is used to encrypt a document, the corresponding private key is required to decrypt it, and vice versa. However, this does not mean that if someone gets another person’s public key, s/he will be able to figure out the corresponding
In conclusion, a document or message encrypted with one key can only be decrypted with the corresponding key. Hence, when a user signs a document, his/her identity is authenticated and validated through public key infrastructure technology.
How do Digital Signatures work?
Signing the document/message:
The mathematical algorithm generates the two keys, that is, the public key and the private key, which are linked to each other. On signing the document/message, a unique fixed-length alphanumeric string is generated, which is also known as the hash value. The hash is generated using a mathematical algorithm, and its value is unique and specific to that particular document. Even the smallest change, such as the addition of a comma or a full stop, would result in a different hash.
In the next step, this hash value is encrypted using the sender’s or the signer’s private key, which was generated in step 1. Now, the encrypted hash and the sender’s public key are combined into a digital signature, which is then appended to the document.
This digitally signed document is now ready for distribution.
Verifying the Signature:
On opening the digitally signed document in a digital signature-capable program (e.g., Adobe Reader, Microsoft Office), the program automatically uses the sender’s public key (which was included in the digital signature with the document as mentioned in step 3 above) to decrypt the document hash.
Moreover, by using the sender’s public key to decrypt the message/document, which was encrypted with the signer’s private key as seen in Step 1, the receiver can be sure that the message or document really came from an authentic source. Thus, the authenticity of the document is maintained.
The program then calculates a new hash for the document. If this newly generated hash matches the decrypted hash from Step 1, it implies that the document has not been altered or modified in any way. Thus, the integrity of the document is maintained. On the other hand, if the newly generated hash does not match the hash value from step 1, it would imply that the document has been tampered with or altered in some way during transit.
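The signing and verification steps described above, as an added example that is not part of the original article: it hashes a document with SHA-256, "encrypts" the hash with a private key using textbook RSA, and verifies by recovering the hash with the public key and comparing it to a fresh one. The key (built from two known Mersenne primes), the sample documents and all function names are constructed for illustration; textbook RSA has no padding, so production systems use a padded or dedicated scheme such as RSA-PSS or Ed25519 from a vetted library.

```python
import hashlib

# Constructed demo key from two known Mersenne primes (illustration only;
# real keys use random primes generated by a vetted library).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: modulus and exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest(document: bytes) -> int:
    """Fixed-length SHA-256 hash of the document, as an integer below N."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Signing: transform the hash with the private key (no padding)."""
    return pow(digest(document), d, n)


def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verifying: recover the signed hash with the public key, recompute
    the hash of the received document, and compare the two."""
    if not 0 <= signature < n:         # reject out-of-range values
        return False
    return pow(signature, e, n) == digest(document)


if __name__ == "__main__":
    doc = b"Pay Alice 100 EUR."        # constructed sample document
    sig = sign(doc)
    print("original document verifies:", verify(doc, sig))
    # A single added comma changes the hash, so the signature no longer fits.
    print("altered document verifies: ", verify(b"Pay Alice, 100 EUR.", sig))
    # A signature made with an unrelated private key (second constructed key)
    # does not verify against this public key.
    n2 = (2**127 - 1) * (2**89 - 1)
    d2 = pow(E, -1, (2**127 - 2) * (2**89 - 2))
    print("wrong signer verifies:     ", verify(doc, sign(doc, d2, n2)))
```

The comparison only proves the document matches whichever public key was used, so the verifier still has to establish whose key that is, which is the role of the public key infrastructure mentioned earlier.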