Sample Report
Sample Report
Sample Report
1. Introduction
The authenticity of many legal, financial, and other documents is determined by the
presence or absence of an authorized handwritten signature. The recipient of the signed
document can verify the claimed identity of the sender using the signature. Also, if the sender
later repudiates the contents of the document, then recipient can use the signature to prove the
validity of the document.
With the computerized message systems replacing the physical transport of paper and
ink documents, an effective solution for authentication of the electronic data is necessary.
Various methods have been devised to solve this problem, but the use of ‘digital signature’ is
definitely the best solution amongst them.
When a message is received, the recipient may desire to verify that the message has not
been altered in transit. Furthermore, the recipient may wish to be certain of the originator's
identity. Both of these services can be provided by the digital signature. A digital signature is an
electronic analogue of a written signature in that the digital signature can be used in proving to
the recipient or a third party that the message was, in fact, signed by the originator. Digital
signatures may also be generated for stored data and programs so that the integrity of the data
and programs may be verified at any later time.
1.1 . Definition
Basically, the idea behind digital signatures is the same as your handwritten signature.
You use it to authenticate the fact that you promised something that you can't take back later. A
digital signature doesn't involve signing something with a pen and paper then sending it over the
Internet. But like a paper signature, it attaches the identity of the signer to a transaction. Having a
digital certificate is like using your driver's license to verify your identity. You may have
obtained your license from Maryland, for example, but your Maryland license lets you drive in
Nevada and Florida. Similarly, your digital certificate proves your online identity to anybody
who accepts it.
A digital signature can also be used to verify that information has not been altered after it
was signed. A digital signature is an electronic signature to be used in all imaginable type of
electronic transfer. Digital signature significantly differs from other electronic signatures in term
of process and results. These differences make digital signature more serviceable for legal
Digital signatures are based on mathematical algorithms. These require the signature
holder to have two keys (one private and the public) for signing and verification .A verifiable
trustworthy entity called certification authority creates and distributes signatures. A digital
signature is a cryptographic means through which many of these may be verified. The digital
signature of a document is a piece of information based on both the document and the signer’s
private key. It is typically created through the use of a hash function and a private signing
function (encrypting with the signer’s private key).
1.2. History
It is probably not surprising that the inventors of writing, the Sumerians, were also the
inventors of an authentication mechanism. The Sumerians used intricate seals, applied into
their clay cuneiform tablets using rollers, to authenticate their writings. Seals continued to be
used as the primary authentication mechanism until recent times.
Use of signatures is recorded in the Talmud (fourth century), complete with security
procedures to prevent the alteration of documents after they are signed. The Talmud even
describes use of a form of "signature card" by witnesses to deeds.
The practice of affixing signatures to documents spread rapidly from this initial usage, and the
form of signatures (a hand-written representation of one’s own name) remained essentially
unchanged for over 1,400 years.
It is from this Roman usage of signatures that the practice obtained its significance in Western
legal tradition.
2. Basic Requirements
Any individual who wishes to use the digital signature must have a unique private key for
generation of the signature. The recipients who receive digitally signed messages must have the
public key, corresponding to the private key used for the generation of the digital signature, for
verification of the signature. Also the recipients must obtain the digital signature certificate
which acts as a proof of the association between the public key and the private key. Once all
these requirements are satisfied, then only the subscriber can use the digital signature.
Private Key
The private key is one which is accessible only to the signer. It is used to generate the
digital signature which is then attached to the message. It is very important to have a unique
private key for each user, so that the signature generated by that key for a given message can
not be duplicated by any other key.
The security of a digital signature system is dependent on maintaining the secrecy of
users' private keys. Users must therefore guard against the unauthorized acquisition of their
private keys.
Public Key
The public key is made available to all those who receive the signed messages from the
sender. It is used for verification of the received message. Although the public key is uniquely
associated with the private key, there is no recognizable similarity between them. This is done
purposefully to avoid discovery of the private key from the public key. Thus the holder of a
public key can just verify the message received from the sender. Any person who digitally signs
his messages must distribute the public key to the recipients of his messages, so that they can
verify the validity of these messages.
A subscriber of the private key and public key pair makes the public key available to
all those who are intended to receive the signed messages from the subscriber. But in case of
any dispute between the two sides, there must be some entity with the receiver which will
allow the receiver of the message to prove that the message was indeed sent by the subscriber
of the key pair.
This can be done with the Digital Signature Certificate. This certificate lists the subscriber’s
public key. So, it acts as a binding between the private and public keys. Any message verified
by the public key listed on the certificate is implicitly assumed to be signed and sent by the
corresponding subscriber.
3. Technology works
Digital signatures require the use of public-key cryptography .If you are going to sign
something, digitally, you need to obtain both a public key and a private key. The private key is
something you keep entirely to yourself.
You sign the document using your private key- which is really just a kind of code-then
you give the person (the merchant of the website where you bought something or the bank
lending your money to buy a house) who needs to verify your signature your corresponding
public key.
He uses your public key to make sure you are who you say you are. The public key and
private key are related, but only mathematically, so knowing your private key. In fact, it’s
nearly impossible to figure out your private key from your public key.
The sender accomplishes the process of creating a digital signature. The receiver of the
digital signature performs the verification of the digital signature.
Signer authentication :
If public and private keys are associated with an identified signer, the digital signature attributes
the message to the signer. The digital signature cannot be forged, unless the signer loses control
of the private key.
Message authentication :
Digital signature identifies the signed message with far greater certainty and precision than
paper signatures. Verification reveals any tempering since the comparison of hash result shows
whether the message is the same as when signed.
Non-repudiation :
Creating a digital signature requires the signer to use his private key. This alters the signer that
he is consummating a transaction with legal consequences, decreasing the chances of litigation
later on.
Integrity :
Digital signature creation and verification processes provide a high level of assurance that the
digital signature is that of the signer. Compared to tedious and labor intensive paper methods,
such as checking signature cards, digital signatures yield a high degree of assurance without
adding resources for processing.
5. Algorithm
The digital signature algorithm specifies the procedure to generate and verify the digital
The above diagram shows the process of Digital Signature Generation. It consists of following
1. The user of Digital Signature can use this facility optionally. So if he chooses to send
the message without a signature, then the message is directly send to the other end. But, if he
wishes to digitally sign the message, then he is asked for the Private Key by the digital
2. A Secure Hash Algorithm (SHA) is used in the signature generation process to obtain a
condensed version of message, called a message digest. The SHA is such that it generates
different message digest for each different message. In other words, no two messages have the
same message digest.
3. The DSA sign unit accepts the message digest from the SHA and the private key from
the user. Then a digital signature is generated as a function of both, the private key and the
message digest. Number of other parameters called as DSA parameters, are also used in this
process. These parameters are discussed in details in the next section.
4. Once a signature is generated, it is attached to the original message. Then this message
is send to the other end.