What Is a Digital Signature and How Does It Work?

by wing

A digital signature is the electronic equivalent of a physical signature. Just as a signature on paper authenticates the signer, a digital signature confirms the authenticity of the owner. It also ensures the integrity of the data and non-repudiation. Non-repudiation means that the sender cannot later deny having sent the message. So, if you have a digitally signed copy of a document, you can say that the sender of the document is authentic and that the data in the document has not been modified by any intruder. Therefore, a digital signature has three purposes:

  1. Authenticity of the source
  2. Data integrity
  3. Non-repudiation


Note: Remember that a digital signature never confirms the confidentiality of a document. Data confidentiality depends on the encryption mechanism.

A practical application of digital signatures: suppose your customer regularly sends you orders for product delivery via email. Receiving an email from a particular address does not necessarily mean that the real person sent it, because email addresses can easily be spoofed (that is, the sender address can be forged), which means that any intruder can send you a fake email using your customer’s email address. So the question is how to confirm that the real customer is sending you the email, and not some other person with evil intentions. You can be sure about the origin of an email only when you are sure that the email has been digitally signed.

How is a digitally signed document created?

For example, computer B wants to send an email or a digital document to you, and you want it to be digitally signed so that you can confirm the source of the document. Before sending the document to you, computer B will follow this process to create a digital signature:

  1. First, computer B creates a message digest from the contents of the document. A digest is a fixed-length string of characters created by applying a mathematical function (a hashing function) to the original message. In practice, every message has a unique digest that will not match the digest of any other message. If anyone alters the original message after the digest has been created and then creates a digest again, the new digest will not match the previous digest. The digest stays the same only if the message remains unaltered.
  2. Once computer B has created the digest, it encrypts the digest with its private key. This encrypted form of the digest is called the digital signature; it is added to the original message and sent to the destination.
  3. When the message arrives at its destination, the receiver decrypts the digest using the public key of the sender. That ensures the authenticity of the sender, because the digest was encrypted with the sender’s private key and can only be decrypted with the sender’s public key.
  4. To prove the integrity of the message, the receiving computer generates a digest from the message and compares it with the received digest. If the two digests match, the message was not altered by anyone on the way.

Components of a digital signature

To sign a document digitally, we require two components: PKI (public key cryptography) and a hashing algorithm.

Digital signature standard

In the USA, NIST (National Institute of Standards and Technology) specifies the standard for digital signatures, which is known as the Digital Signature Standard (DSS). According to this standard, all federal offices need to use SHA1 or SHA2 for hashing. The document also specifies the following three encryption algorithms that can be used in a digital signature:

  1. DSA: the Digital Signature Algorithm
  2. RSA: Rivest, Shamir, Adleman
  3. ECDSA: the Elliptic Curve DSA

In simple terms, a digital signature is a hash value that is encrypted with the private key of the sender, and we use it to ensure data authenticity, integrity and non-repudiation.

Copyright © 2010-2023 ·All Rights Reserved · SecurityWing.com