A digital signature is a type of electronic signature which ensures that an electronic document is authentic. It gives information about the creator of the document and ensures that the document has not been altered or tampered with after its creation by that person. Digital signatures are used for validating the integrity and authenticity of any digital document, message, software, etc.
A digital signature provides the following information:
- Authentication of the sender: it gives information about the creator of the document and thus authenticates the sender. The verifier can validate the digital signature using the public key of the sender, which gives the assurance that the digital signature has been created by the sender who holds the corresponding secret private key.
- Data integrity: it ensures that the contents of the electronic document have not been altered by an attacker. If any unauthorized person modifies the data, the verification of the digital signature fails at the receiver end.
- Timestamp: depending upon the type of digital signature, the electronic document can have a time stamp which gives information about the time at which the message was sent.
- Non-repudiation: the sender cannot deny sending the message, or the contents of the message.
Encryption and authentication of the Digital Signature
Digital signatures use encryption for ensuring the authentication of the electronic document. Encryption refers to the process of encoding all the data that one computer sends to another computer into a form which can only be decoded by that destination computer. Authentication of the electronic document verifies that the information has been sent from a trusted source.
- There are various types of encryption which are used for authenticating electronic documents. Authentication of the electronic document is done either by a password, checksum, Cyclic Redundancy Check (CRC), private key encryption, or public key encryption.
- For authentication using a password, a username and password are checked against a secure file for confirmation.
- A checksum is used for detecting any changes or tampering done on the electronic document. An invalid checksum shows that the data has either been tampered with or compromised in some manner. Cyclic Redundancy Check (CRC) is similar to a checksum but it is more advanced and uses polynomial division for determining the value of the CRC.
- In private key encryption, the computer uses a secret key (code) for encrypting a packet of data before sending it to another computer on the network. In public key encryption, the public key is given by the sender’s computer to any other computer for communicating with it safely. The key is based on a hash value which is computed using a hash algorithm.
- In other words, digital signature provides authentication to an electronic record by tying it to a unique key which only the sender knows. The sender cannot deny sending a message that he had sent.
Working of Digital Signature
Digital signatures depend upon a secret which is either a passphrase or a secret file. The receiver of the document can check whether two documents were signed by the same secret without needing to know that secret. If the two documents have the same secret, it means that they were signed by the same person and that they have not been changed after they were signed.
A digital signature looks like a random pattern of characters that depends upon both the document and the secret. Any tampering or change in the document after it has been signed, even the addition of a full stop, will cause the signature to fail to match. Any change in the document changes the hash value of the document.
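The checksum/CRC check from the previous section and the signature check described here, side by side, as an added example that is not part of the original article. It assumes Node.js and its built-in crypto module, and uses Ed25519 as the signature algorithm (the article names none); the function names and sample documents are constructed for illustration.

```javascript
// Added example (not from the article); names and sample documents are constructed.
const crypto = require('node:crypto');

// CRC-32 as bitwise polynomial division (0xEDB88320 is the reflected
// generator polynomial). No key is involved, so anyone can recompute it.
function crc32(buf) {
  let crc = 0xFFFFFFFF;
  for (const byte of buf) {
    crc ^= byte;
    for (let i = 0; i < 8; i++) {
      crc = (crc & 1) ? (crc >>> 1) ^ 0xEDB88320 : crc >>> 1;
    }
  }
  return (crc ^ 0xFFFFFFFF) >>> 0;
}

// Receiver-side CRC check: compare the received value with a fresh computation.
function crcMatches(doc, crc) {
  return crc32(Buffer.from(doc)) === crc;
}

// Sender side: detached signature, a separate blob sent alongside the document.
function signDocument(doc, privateKey) {
  return crypto.sign(null, Buffer.from(doc), privateKey);
}

// Receiver side: needs only the document, the signature and the sender's public key.
function verifyDocument(doc, signature, publicKey) {
  return crypto.verify(null, Buffer.from(doc), publicKey, signature);
}

function demo() {
  const sender = crypto.generateKeyPairSync('ed25519');
  const outsider = crypto.generateKeyPairSync('ed25519'); // does not hold the sender's key
  const original = 'Pay 100 to Alice';
  const tampered = 'Pay 100 to Alice.'; // one full stop added after signing
  const sig = signDocument(original, sender.privateKey);
  const crc = crc32(Buffer.from(original));
  const outsiderSig = signDocument(tampered, outsider.privateKey);
  return {
    originalVerifies: verifyDocument(original, sig, sender.publicKey), // true
    tamperedVerifies: verifyDocument(tampered, sig, sender.publicKey), // false
    staleCrcMatches: crcMatches(tampered, crc), // false: the change is detected
    recomputedCrcMatches: crcMatches(tampered, crc32(Buffer.from(tampered))), // true: no secret needed
    resignedVerifies: verifyDocument(tampered, outsiderSig, sender.publicKey), // false
  };
}

console.log(demo());
```

The CRC only catches a change when the CRC value itself reaches the receiver unmodified, whereas the signature cannot be regenerated for the altered document without the sender's private key.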
Difference between a Digital Signature and Physical Signature
- A physical signature is part of the document, as it is included in the document. However, a digital signature is a separate document which is sent to the receiver.
- A copy of a physical signature can be distinguished from the original document; however, there is no such distinction in digital signatures unless there is a time stamp on the document.
- For a physical signature, the recipient of the document can compare it with other authentic signatures on file. For digital signatures, the recipient of the document has to use a verification technique to check its authenticity.
- Digital signatures cryptographically bind an electronic identity to the document, and this binding cannot be copied to any other document. However, digital signatures do not provide privacy, and another layer of encryption is needed for providing confidentiality.
Digital Signature Certificate (DSC)
Digital signature certificates are the digital equivalent of paper certificates such as passports, membership cards etc. Digital signature certificates can be provided electronically for proving one's identity for accessing any online service or information, or for signing certain documents digitally. Digital signatures have to be issued and certified by a Certifying Authority (CA). Under section 24 of IT Act 2000, a CA is a person who has been granted a licence for issuing a digital signature certificate. The digital signature certificates used in the e-forms have the same legal validity as that of a handwritten signature.
Types of Digital Signatures
There are three types of digital signatures, Class-1, Class-2 and Class-3, each of which has a different security level.
- Class-1 certificate: these are issued for both business personnel and private use. The Class-1 certificate confirms that the information provided is authentic and that it is not in conflict with the information in recognised consumer databases. These are used in places where the risks and consequences of data compromise are not of major significance.
- Class-2 certificate: these are issued for both business personnel and private use. The certificate confirms that the information provided is authentic and that it is not in conflict with recognised pre-verified databases. These are used in environments where the risks of data compromise are moderate. This can include transactions having substantial monetary value, or access to important private information etc.
- Class-3 certificate: these are issued to individuals and organisations, primarily intended for e-commerce applications and for other important purposes. It provides the highest level of security, where the person needs to be present himself/herself in front of the registration authority for proving his/her identity.