Digital Signatures - Revision history

Ribeirag at 00:12, 14 April 2008

2008-04-14T00:12:01Z

← Older revision		Revision as of 00:12, 14 April 2008
Line 96:		Line 96:
	[http://www.itl.nist.gov/fipspubs/fip186.htm Digital Signature Algorithm (DSA)] is appropriate for applications requiring a digital rather than written signature. The DSA digital signature is a pair of large numbers represented in a computer as strings of binary digits. The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified. The DSA provides the capability to generate and verify signatures.		[http://www.itl.nist.gov/fipspubs/fip186.htm Digital Signature Algorithm (DSA)] is appropriate for applications requiring a digital rather than written signature. The DSA digital signature is a pair of large numbers represented in a computer as strings of binary digits. The digital signature is computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified. The DSA provides the capability to generate and verify signatures.

-	==How/Where it can be used?==	+	==How/Where can it be used?==

	===Smart Cards===		===Smart Cards===

Ribeirag at 19:33, 13 April 2008

2008-04-13T19:33:39Z

← Older revision		Revision as of 19:33, 13 April 2008
Line 177:		Line 177:

	[http://www.youdzone.com/signature.html What is digital Signature?]		[http://www.youdzone.com/signature.html What is digital Signature?]
		+
		+	----
		+

	--[[User:Ribeirag\|Ribeirag]] 17:38, 5 April 2008 (EDT)		--[[User:Ribeirag\|Ribeirag]] 17:38, 5 April 2008 (EDT)

Ribeirag at 19:32, 13 April 2008

2008-04-13T19:32:49Z

← Older revision		Revision as of 19:32, 13 April 2008
Line 150:		Line 150:

	[http://en.wikipedia.org/wiki/Smart_card Smart Card]		[http://en.wikipedia.org/wiki/Smart_card Smart Card]
		+
		+	[http://en.wikipedia.org/wiki/Public_key_certificate Public key certificate]
		+
		+	[http://en.wikipedia.org/wiki/Cryptography Cryptography]

	== References ==		== References ==
Line 171:		Line 175:

	[http://www.di-mgt.com.au/rsa_alg.html RSA Algorithm]		[http://www.di-mgt.com.au/rsa_alg.html RSA Algorithm]
		+
		+	[http://www.youdzone.com/signature.html What is digital Signature?]

	--[[User:Ribeirag\|Ribeirag]] 17:38, 5 April 2008 (EDT)		--[[User:Ribeirag\|Ribeirag]] 17:38, 5 April 2008 (EDT)

Ribeirag: /* Symmetric key */

2008-04-07T06:44:15Z

Symmetric key

← Older revision		Revision as of 06:44, 7 April 2008
Line 20:		Line 20:

	=== Symmetric key ===		=== Symmetric key ===
-	Symmetric cryptography [[http://www.cs.bham.ac.uk/~mdr/teaching/modules04/security/lectures/symmetric-key.html 5]] refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way). This was the only kind of encryption publicly known until June 1976.~~<sup>[1]</sup>~~	+	Symmetric cryptography [[http://www.cs.bham.ac.uk/~mdr/teaching/modules04/security/lectures/symmetric-key.html 5]] refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way). This was the only kind of encryption publicly known until June 1976.
	Symmetric authentication keys are used with symmetric key algorithms to provide assurance of the integrity and source of messages, communication sessions, or stored data.		Symmetric authentication keys are used with symmetric key algorithms to provide assurance of the integrity and source of messages, communication sessions, or stored data.

Ribeirag at 03:24, 7 April 2008

2008-04-07T03:24:27Z

← Older revision		Revision as of 03:24, 7 April 2008
Line 87:		Line 87:
	===Algorithms===		===Algorithms===
	There are some algorithms that can be used in digital signature, there are some examples below:		There are some algorithms that can be used in digital signature, there are some examples below:
-	# Full Domain Hash, RSA-PSS etc., based on RSA	+	# Full Domain Hash, RSA-PSS etc., based on RSA (see more about RSA on [[Public Key Encryption Algorithms]])
	# DSA		# DSA
	# ECDSA		# ECDSA
Line 101:		Line 101:
	Most advanced smart cards [[http://en.wikipedia.org/wiki/Smart_card 8]] are equipped with specialized cryptographic hardware that let you use algorithms such as RSA and DSA on board. Today's cryptographic smart cards are also able to generate key pairs on board, to avoid the risk of having more than one copy of the key (since by design there usually isn't a way to extract private keys from a smart card).		Most advanced smart cards [[http://en.wikipedia.org/wiki/Smart_card 8]] are equipped with specialized cryptographic hardware that let you use algorithms such as RSA and DSA on board. Today's cryptographic smart cards are also able to generate key pairs on board, to avoid the risk of having more than one copy of the key (since by design there usually isn't a way to extract private keys from a smart card).

-	[[Image:smartcard.jpeg \|thumb\|230px\|right '''Smart Card''']]	+	[[Image:smartcard.jpeg \|thumb\|230px\|right\| '''Smart Card''']]

	Such smart cards are mainly used for digital signature and secure identification.		Such smart cards are mainly used for digital signature and secure identification.
Line 114:		Line 114:

	== Digital Certificate ==		== Digital Certificate ==
		+	A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.[[http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211947,00.html 11]]
		+	Some digital certificates conform to a standard [http://www.webopedia.com/TERM/X/X_509.html X.509]. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
		+	[[Image:certificate.gif \|thumb\|250px\|right\| '''Digital Certificate anatomy''']]
		+	The CA verifies that a public key belongs to a specific company or individual (the "subject"), and the validation process it goes through to determine if the subject is who it claims to be depends on the level of certification and the CA itself.
		+
		+	'''Creating the Certificate'''
		+	After the validation process is completed, the CA creates an X.509 certificate that contains CA and subject information, including the subject's public key (details below). The CA signs the certificate by creating a digest (a hash) of all the fields in the certificate and encrypting the hash value with its private key. The encrypted digest is called a "digital signature," and when placed into the X.509 certificate, the certificate is said to be "signed."
		+
		+	The CA keeps its private key very secure, because if ever discovered, false certificates could be created. See HSM.
		+
		+	'''Verifying the Certificate'''
		+	The process of verifying the "signed certificate" is done by the recipient's software, which is typically the Web browser. The browser maintains an internal list of popular CAs and their public keys and uses the appropriate public key to decrypt the signature back into the digest. It then recomputes its own digest from the plain text in the certificate and compares the two. If both digests match, the integrity of the certificate is verified (it was not tampered with), and the public key in the certificate is assumed to be the valid public key of the subject.
		+
		+	At this point, the subject's identity and the certificate's integrity (no tampering) have been verified. The certificate is typically combined with a signed message or signed executable file, and the public key is used to verify the signatures. The subject's public key may also be used to provide a secure key exchange in order to have an encrypted two-way communications session.

	==Security==		==Security==
Line 125:		Line 139:

	===How to increase safeness===		===How to increase safeness===
-	A good way to increase safeness that was mention before(see smart card section) is to use smart card to store the private key.	+	*'''Using Smart card:''' A good way to increase safeness that was mention before(see smart card section) is to use smart card to store the private key. (see [[Smart Card technology to prevent fraud]] )
-	(see [~~http://www.cas.mcmaster.ca/wiki/index.php/Smart_Card_technology_to_prevent_fraud~~ Smart Card technology to prevent fraud] )	+	*'''Using digital signatures only with trusted applications'''
		+	One of the main differences between a digital signature and a written signature is that the user does not "see" what he signs. The user application presents a hash code to be encrypted by the digital signing algorithm using the private key. An attacker who gains control of the user's PC can possibly replace the user application with a foreign subsitute, in effect replacing the user's own communications with that of the attacker's. Thus, the malicious application can trick the unwitting user into signing any document by displaying the user's original on-screen, but presenting the attacker's own documents (probably less favorable) to the signing application.

		+	To protect against this scenario, a authentication system can be setup between the user-application (word-processor, email client, etc.) and the signing-application. The general idea is to provide some means for both the user app and signing app to verify each other's integrity. (For example, the signing application may require all requests to come from digitally-signed binaries.)
	== See Also ==		== See Also ==
	[http://en.wikipedia.org/wiki/Digital_signatures_and_law Digital Signatures and Laws]		[http://en.wikipedia.org/wiki/Digital_signatures_and_law Digital Signatures and Laws]

	[http://en.wikipedia.org/wiki/Electronic_signature Electronic Signature]		[http://en.wikipedia.org/wiki/Electronic_signature Electronic Signature]
		+
		+	[http://en.wikipedia.org/wiki/Smart_card Smart Card]

	== References ==		== References ==
Line 144:		Line 162:
	#http://www.infosecwriters.com/text_resources/pdf/Public_Key_Cryptography_AMS.pdf		#http://www.infosecwriters.com/text_resources/pdf/Public_Key_Cryptography_AMS.pdf
	#http://www.state.sc.us/scdah/erg/ermEDS.pdf		#http://www.state.sc.us/scdah/erg/ermEDS.pdf
		+	#Digital Certificate. Retrieved on April 2th 2008, from <http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211947,00.html>

Ribeirag at 02:53, 7 April 2008

2008-04-07T02:53:08Z

Show changes

Ribeirag: /* Benefits */

2008-04-05T22:05:50Z

Benefits

← Older revision		Revision as of 22:05, 5 April 2008
Line 33:		Line 33:

	===Benefits===		===Benefits===
		+	Below are some common reasons for applying a digital signature to communications
		+
		+	#Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context.
		+	# It ensures data Integrity giving the user piece of mind that the message or transaction has not been accidentally or maliciously altered. This is done cryptographically.
		+	# Digital signature ensures confidentiality and ensure that messages can only be read by authorized intended recipients.
		+	# Digital certificates also verify date and time so that senders or recipients can not dispute if the message was actually sent or received.
		+
	===Algorithms===		===Algorithms===
	===Some Applications===		===Some Applications===

Ribeirag: New page: '''Digital Signatures''' are a type of [http://en.wikipedia.org/wiki/Asymmetric_key_algorithm asymmetric cryptography] or used to simulate the security properties of a handwritten signat...

2008-04-05T21:38:03Z

New page: '''Digital Signatures''' are a type of [http://en.wikipedia.org/wiki/Asymmetric_key_algorithm asymmetric cryptography] or used to simulate the security properties of a handwritten signat...

New page

'''Digital Signatures''' are a type of [http://en.wikipedia.org/wiki/Asymmetric_key_algorithm asymmetric cryptography] or used to simulate the security properties of a handwritten signature on paper. Digital signature schemes normally give two algorithms, one for signing which involves the user's secret or private key, and one for verifying signatures which involves the user's public key. The output of the signature process is called the "digital signature."

There is confusion between the terms [http://en.wikipedia.org/wiki/Electronic_signature electronic signature] and digital signature. Most, especially those with an information theory or cryptography background, use "digital signature" to refer to a digital signature protocol using cryptographic techniques, as is sometimes applied to an 'electronic document'. Many, however, use the terms interchangeably, leading to considerable confusion as cryptographic signature techniques are very different, whatever the term used, than other electronic signatures and have extremely different security properties. Since it is the security properties which are of interest in signatures of all kinds, this is a very significant distinction. Digital signature is properly a subset of electronic signature.

== History ==
The [http://en.wikipedia.org/wiki/History_of_cryptography history of cryptography] begins thousands of years ago. Until recent decades, it has been the story of what might be called classic cryptography — that is, of methods of encryption that use pen and paper, or perhaps simple mechanical aids. In the early 20th century, the invention of complex mechanical and electromechanical machines, such as the Enigma rotor machine, provided more sophisticated and efficient means of encryption; and the subsequent introduction of electronics and computing has allowed elaborate schemes of still greater complexity, most of which are entirely unsuited to pen and paper.

The first invention of asymmetric key algorithms was by James H. Ellis, Clifford Cocks, and Malcolm Williamson at GCHQ in the UK in the early 1970s; these inventions were what later became known as Diffie-Hellman key exchange, and a special case of RSA. The GCHQ cryptographers referred to the technique as "non-secret encryption". These inventions were not publicly disclosed at the time, and the fact that they had been developed was kept secret until 1997.

The first widely marketed software package to offer digital signature was Lotus Notes 1.0, released in 1989, which used the [http://www.di-mgt.com.au/rsa_alg.html RSA algorithm].

==Cryptography==
Cryptography is the practice and study of hiding information. In modern times, cryptography is considered to be a branch of both mathematics and computer science, and is affiliated closely with information theory, computer security, and engineering. Cryptography is used in applications present in technologically advanced societies; examples include the security of ATM cards, computer passwords, and electronic commerce, which all depend on cryptography.
=== Asymmetric key ===
[http://www.cs.cornell.edu/Courses/cs513/2007fa/TL04.asymmetric.html Asymmetric cryptography], is a form of cryptography in which a user has a pair of cryptographic keys—a public key and a private key. The private key is kept secret, while the public key may be widely distributed. The keys are related mathematically, but the private key cannot be practically derived from the public key. A message encrypted with the public key can be decrypted only with the corresponding private key.

=== Symmetric key ===
[http://www.cs.bham.ac.uk/~mdr/teaching/modules04/security/lectures/symmetric-key.html Symmetric cryptography] refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way). This was the only kind of encryption publicly known until June 1976.<sup>[1]</sup>
Symmetric authentication keys are used with symmetric key algorithms to provide assurance of the integrity and source of messages, communication sessions, or stored data.

==Digital Signature==
A digital signature scheme typically consists of three algorithms

* A key generation algorithm G that randomly produces a "key pair" (PK, SK) for the signer. PK is the verifying key, which is to be public, and SK is the signing key, to be kept private.
* A signing algorithm S, that on input of a message m and a signing key SK, produces a signature σ.
* A signature verifying algorithm V, that on input of a message m, a verifying key PK and a signature σ, either accepts or rejects.

Two main properties are required. First, signatures computed honestly should always verify. That is, V should accept (m, PK, S (m, SK)) where SK is the secret key related to PK, for any message m. Secondly, it should be hard for any adversary, knowing only PK, to create valid signature(s).

===Benefits===
===Algorithms===
===Some Applications===

== Digital Certificate ==

== See Also ==
[http://en.wikipedia.org/wiki/Digital_signatures_and_law Digital Signatures and Laws]

== References ==

#^Whitfield Diffie and Martin Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, vol. IT-22, Nov. 1976, pp: 644–654
#http://www.infosecwriters.com/text_resources/pdf/Public_Key_Cryptography_AMS.pdf
#http://www.state.sc.us/scdah/erg/ermEDS.pdf

== External links ==
[http://en.wikipedia.org/wiki/Electronic_signature Electronic Signature]

[http://en.wikipedia.org/wiki/History_of_cryptography History of Cryptography]

[http://www.di-mgt.com.au/rsa_alg.html RSA Algorithm]

--[[User:Ribeirag|Ribeirag]] 17:38, 5 April 2008 (EDT)