Digital Signatures and Certificates

Encryption – Process of converting electronic data into another form, called

ciphertext, which cannot be easily understood by anyone except the authorized
parties. This assures data security.

Decryption– Process of translating code to data.

 The message is encrypted at the sender’s side using various encryption
algorithms and decrypted at the receiver’s end with the help of the decryption
algorithms.
 When some message is to be kept secure like username, password, etc.,
encryption and decryption techniques are used to assure data security.

Types of Encryption

Data encryption transforms information into a code that is only accessible to

those with a password or secret key, sometimes referred to as a decryption key. Data
that has not been encrypted is referred to as plaintext, whereas data that has been
encrypted is referred to as ciphertext. In today’s business sector, encryption is one
of the most popular and effective data protection solutions. By converting data into
ciphertext, which can only be decoded with a special decryption key generated either
before or at the time of the encryption, data encryption serves to protect the secrecy
of data.
 Symmetric Encryption

Data is encrypted using a key and the decryption is also done using the same
key. There are a few strategies used in cryptography algorithms. For encryption
and decryption processes, some algorithms employ a unique key. In such
operations, the unique key must be secured since the system or person who knows
the key has complete authentication to decode the message for reading.

Symmetric Encryption
 Asymmetric Encryption

Asymmetric Cryptography is also known as public-key cryptography. It uses

public and private keys for the encryption and decryption of message. One key in
the pair which can be shared with everyone is called the public key. The other key
in the pair which is kept secret and is only known by the owner is called the private
key.

Asymmetric Encryption
Public key–
Key which is known to everyone. Ex-public key of A is 7, this information
is known to everyone.

Private key–
Key which is only known to the person who’s private key it is.

Authentication-
Authentication is any process by which a system verifies the identity of a
user who wishes to access it.

Non- repudiation–
Non-repudiation is a way to guarantee that the sender of a message cannot
later deny having sent the message and that the recipient cannot deny having
received the message.

Integrity–
to ensure that the message was not altered during the transmission.

Message digest –
The representation of text in the form of a single string of digits, created using
a formula called a one way hash function. Encrypting a message digest with a private
key creates a digital signature which is an electronic means of authentication..
 Digital Signature

A digital signature is a mathematical technique used to validate the authenticity

and integrity of a message, software, or digital document.

1. Key Generation Algorithms:

Digital signature is electronic signatures, which assure that the message was
sent by a particular sender. While performing digital transactions authenticity and
integrity should be assured, otherwise, the data can be altered or someone can
also act as if he was the sender and expect a reply.
2. Signing Algorithms:
To create a digital signature, signing algorithms like email programs create a
one-way hash of the electronic data which is to be signed. The signing algorithm
then encrypts the hash value using the private key (signature key). This encrypted
hash along with other information like the hashing algorithm is the digital
signature. This digital signature is appended with the data and sent to the verifier.
The reason for encrypting the hash instead of the entire message or document is
that a hash function converts any arbitrary input into a much shorter fixed-length
value. This saves time as now instead of signing a long message a shorter hash
value has to be signed and moreover hashing is much faster than signing.
3. Signature Verification Algorithms :
Verifier receives Digital Signature along with the data. It then uses
Verification algorithm to process on the digital signature and the public key
(verification key) and generates some value. It also applies the same hash
function on the received data and generates a hash value. If they both are equal,
then the digital signature is valid else it is invalid.
 The steps followed in creating digital signature are :

1. Message digest is computed by applying hash function on the message and then
message digest is encrypted using private key of sender to form the digital
signature. (digital signature = encryption (private key of sender, message digest)
and message digest = message digest algorithm(message)).

2. Digital signature is then transmitted with the message.(message + digital

signature is transmitted)

3. Receiver decrypts the digital signature using the public key of sender.(This
assures authenticity, as only sender has his private key so only sender can encrypt
using his private key which can thus be decrypted by sender’s public key).

4. The receiver now has the message digest.

5. The receiver can compute the message digest from the message (actual message
is sent with the digital signature)
.
6. The message digest computed by receiver and the message digest (got by
decryption on digital signature) need to be same for ensuring integrity.
Message digest is computed using one-way hash function, i.e. a hash function in
which computation of hash value of a message is easy but computation of the
message from hash value of the message is very difficult.
 Assurances about digital signatures

The definitions and words that follow illustrate the kind of assurances that digital
signatures offer.
1. Authenticity: The identity of the signer is verified.
2. Integration: Since the content was digitally signed, it hasn’t been altered or
interfered with.
3. Non-repudiation: demonstrates the source of the signed content to all parties.
The act of a signer denying any affiliation with the signed material is known as
repudiation.
4. Notarization: Under some conditions, a signature in a Microsoft Word,
Microsoft Excel, or Microsoft PowerPoint document that has been time-stamped
by a secure time-stamp server is equivalent to a notarization.
 Benefits of Digital Signatures

 Legal documents and contracts: Digital signatures are legally binding. This
makes them ideal for any legal document that requires a signature authenticated
by one or more parties and guarantees that the record has not been altered.
 Sales contracts: Digital signing of contracts and sales contracts authenticates
the identity of the seller and the buyer, and both parties can be sure that the
signatures are legally binding and that the terms of the agreement have not been
changed.
 Financial Documents: Finance departments digitally sign invoices so
customers can trust that the payment request is from the right seller, not from a
bad actor trying to trick the buyer into sending payments to a fraudulent
account.
 Health Data: In the healthcare industry, privacy is paramount for both patient
records and research data. Digital signatures ensure that this confidential
information was not modified when it was transmitted between the consenting
parties.
 Drawbacks of Digital Signature

 Dependency on technology:
Because digital signatures rely on technology, they are susceptible to crimes,
including hacking. As a result, businesses that use digital signatures must make
sure their systems are safe and have the most recent security patches and upgrades
installed.

 Complexity:
Setting up and using digital signatures can be challenging, especially for
those who are unfamiliar with the technology. This may result in blunders and
errors that reduce the system’s efficacy. The process of issuing digital signatures
to senior citizens can occasionally be challenging.

 Limited acceptance:
Digital signatures take time to replace manual ones since technology is not
widely available in India, a developing nation.
 Digital Certificate

Digital certificate is issued by a trusted third party which proves sender’s

identity to the receiver and receiver’s identity to the sender.
A digital certificate is a certificate issued by a Certificate Authority (CA) to verify
the identity of the certificate holder. Digital certificate is used to attach public key
with a particular individual or an entity.

Digital certificate contains

 Name of certificate holder.

 Serial number which is used to uniquely identify a certificate, the individual or
the entity identified by the certificate
 Expiration dates.
 Copy of certificate holder’s public key.(used for decrypting messages and
digital signatures)
 Digital Signature of the certificate issuing authority.
Digital certificate is also sent with the digital signature and the message.

Advantages of Digital Certificate

 NETWORK SECURITY :
A complete, layered strategy is required by modern cybersecurity methods,
wherein many solutions cooperate to offer the highest level of protection against
malevolent actors. An essential component of this puzzle is digital certificates,
which offer strong defence against manipulation and man-in-the-middle assaults.
 VERIFICATION :
Digital certificates facilitate cybersecurity by restricting access to sensitive
data, which makes authentication a crucial component of cybersecurity. Thus,
there is a decreased chance that hostile actors will cause chaos. At many different
endpoints, certificate-based authentication provides a dependable method of
identity verification. Compared to other popular authentication methods like
biometrics or one-time passwords, certificates are more flexible.

 BUYER SUCCESS :
Astute consumers demand complete assurance that the websites they visit are
reliable. Because digital certificates are supported by certificate authority that
users’ browsers trust, they offer a readily identifiable indicator of reliability.
 Disadvantages of Digital Certificate

 Phishing attacks:
To make their websites look authentic, attackers can fabricate bogus websites
and obtain certificates. Users may be fooled into providing sensitive information,
such as their login credentials, which the attacker may then take advantage of.
 Weak encryption:
Older digital certificate systems may employ less secure encryption methods that
are open to intrusions.
 Misconfiguration:
In order for digital certificates to work, they need to be set up correctly. Websites
and online interactions can be attacked due to incorrectly configured certificates.
 Digital certificate vs digital signature

Digital signature is used to verify authenticity, integrity, non-repudiation ,i.e.

it is assuring that the message is sent by the known user and not modified, while
digital certificate is used to verify the identity of the user, maybe sender or receiver.
Thus, digital signature and certificate are different kind of things but both are used
for security. Most websites use digital certificate to enhance trust of their users

Feature Digital Signature Digital Certificate

Basics / Definition A digital signature secures Digital certificate is a file
the integrity of a digital that ensures holder’s
document in a similar way as identity and provides
a fingerprint or attachment. security.
Process / Steps Hashed value of original data It is generated by CA
is encrypted using sender’s (Certifying Authority)
private key to generate the that involves four steps:
digital signature. Key Generation,
Registration,
Verification, Creation.
Security Services Authenticity of It provides security
Sender, integrity of the and authenticity of
document and non- certificate holder.
repudiation.
Standard It follows Digital Signature It follows X.509
Standard (DSS). Standard Format