What Is a Digital Signature?
A digital signature is a digital code, generated and authenticated by public key encryption, that is attached to an electronically transmitted document to verify its contents and the identity of the sender. It is a mathematical scheme for demonstrating the authenticity of digital messages or documents. eMudhra is currently a licensed certifying authority in India responsible for issuing digital signature certificates. A digital signature certificate (DSC) is a secure digital key, issued by a certifying authority (CA), that certifies the identity of the holder. It typically contains the holder's identity, which can include the holder's name, email, country, APNIC account name and the public key. A digital signature is not the same thing as a digital certificate: to create a digital signature, the signer must first obtain a digital signature certificate. The digital signature certificate is the electronic equivalent of a physical or paper certificate. A digital signature is the digital equivalent of a handwritten signature or a stamped seal, but it offers far more inherent security, and it addresses the problem of tampering and impersonation in digital communications. Digital signatures can provide added assurance of the origin, identity and status of an electronic document, transaction or message, as well as acknowledging informed consent by the signer.
Today, in a large number of countries, including the United States of America, digital signatures have the same legal significance as the more traditional forms of signed documents. The United States Government Printing Office publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures.
Before going further, it is necessary to understand how digital signatures work and why they are secure. Digital signatures are based on public key cryptography, also referred to as asymmetric cryptography. A public key algorithm such as RSA generates two keys that are mathematically linked: one private and one public. To create a digital signature, the signing software, such as an email program, creates a one-way hash of the electronic data to be signed. The private key is then used to encrypt the hash. The encrypted hash, along with other information such as the hashing algorithm, is the digital signature. The reason for encrypting the hash instead of the entire message or document is that a hash function converts an arbitrary input into a fixed-length value that is usually much shorter. This saves a large amount of time, because hashing is much faster than signing. The value of the hash is unique to the hashed data: any change in the data, even changing or deleting a single character, results in a different value. This attribute enables others to validate the integrity of the data by using the signer's public key to decrypt the hash. If the decrypted hash matches a second computed hash of the same data, it proves that the data has not changed since it was signed.
If the two hashes don't match, either the data has been tampered with in some way, which is an integrity issue, or the signature was created with a private key that does not correspond to the public key presented by the signer.
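The sign-and-verify flow described above, as an added example that is not part of the original article. It uses unpadded textbook RSA built from publicly known Mersenne primes (constructed toy keys, chosen only so the code runs with the standard library); the function names are hypothetical, and real systems use a vetted library with a padded scheme.

```python
import hashlib

# Constructed toy parameters: Mersenne primes are public knowledge and must
# never be used for real keys. They only keep this example self-contained.
E = 65537
ALLOWED_HASHES = {"sha256", "sha512"}  # verifier-side allowlist


def make_keypair(p, q):
    """Return (public, private) textbook RSA keys built from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)


def digest_int(data, hash_alg):
    """One-way hash of the data, as an integer smaller than the modulus."""
    if hash_alg not in ALLOWED_HASHES:
        raise ValueError("unsupported hash algorithm: " + hash_alg)
    return int.from_bytes(hashlib.new(hash_alg, data).digest(), "big")


def sign(data, private, hash_alg="sha256"):
    """Encrypt the hash with the private key; ship the algorithm name too."""
    n, d = private
    return {"hash_alg": hash_alg, "value": pow(digest_int(data, hash_alg), d, n)}


def verify(data, signature, public):
    """Decrypt the signed hash with the public key and compare it with a
    freshly computed hash of the received data."""
    n, e = public
    recovered = pow(signature["value"], e, n)
    return recovered == digest_int(data, signature["hash_alg"])


if __name__ == "__main__":
    signer_pub, signer_priv = make_keypair(2**521 - 1, 2**607 - 1)
    other_pub, _ = make_keypair(2**1279 - 1, 2**2203 - 1)
    message = b"Pay 100 to Bob"  # constructed sample message
    sig = sign(message, signer_priv)
    print("untouched message:", verify(message, sig, signer_pub))
    print("one byte changed: ", verify(b"Pay 900 to Bob", sig, signer_pub))
    print("wrong public key: ", verify(message, sig, other_pub))
```

The tampered message and the wrong public key produce the same failed result, so a verifier cannot tell from the mismatch alone which of the two causes applies.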
One major ability of the digital signature is that it can be used with any kind of message, whether encrypted or not, to ensure that the receiver knows the identity of the sender and that the message has arrived intact. Digital signatures also make it very difficult for the signer to deny having signed something, assuming their private key has not been compromised. The digital signature is unique to both the document and the signer, and it binds the two together. A digital certificate is an electronic document that contains the digital signature of the certificate-issuing authority. It binds together a public key with an identity, and it can be used to verify that a public key belongs to a particular person or entity. If the two hash values match, the message has not been tampered with, and the receiver knows that the message is from the sender. Most modern email programs support the use of digital signatures and digital certificates, making it easy to sign outgoing emails and to validate digitally signed incoming messages. Digital signatures are also used extensively to provide proof of authenticity, data integrity and non-repudiation of communications and transactions conducted over the internet. To understand digital signatures in depth, it is important to understand certain terms that play a major role in how they work.
The first one is the certificate revocation list (CRL). This is a list of digital certificates that have been revoked by the issuing certificate authority before their scheduled expiration date and should no longer be trusted. Certificate revocation lists are a type of blacklist used by various endpoints, including web browsers, to verify whether a certificate is valid and trustworthy. Digital certificates are used in the encryption process to secure communications that use the TLS/SSL protocol. A certificate signed by the issuing certificate authority also provides proof of the identity of the certificate owner.
When a web browser makes a connection to a site that uses TLS, the web server's digital certificate is checked for anomalies or problems. Part of this process generally includes checking that the certificate is not listed in a certificate revocation list. These checks are crucial steps in any certificate-based transaction, because they allow a user to verify the identity of the owner of the site and to discover whether the certificate authority still considers the digital certificate trustworthy. The X.509 standard defines the format and semantics of a CRL for a public key infrastructure. Each entry in a certificate revocation list includes the serial number of the revoked certificate and the revocation date. The CRL file is signed by the certificate authority to prevent tampering. Optional information includes a time limit, if the revocation applies only for a period of time, and a reason for the revocation. CRLs contain certificates that have been irreversibly revoked or that have been marked as temporarily invalid, that is, kept on hold. Digital certificates are revoked for many reasons. If a CA discovers that it has improperly issued a certificate, it may revoke the original certificate and then reissue a new one. If a certificate is discovered to be counterfeit, the CA will revoke it and add it to the CRL. The most common reason for revocation is that the private key of the certificate has been compromised. A certificate can also be revoked when the issuing CA has been compromised.
Other reasons include the owner of the certificate no longer owning the domain for which it was issued, the owner of the certificate ceasing operations entirely, or the original certificate being replaced with a different certificate from a different user. One of the major problems with certificate revocation lists is that they are difficult to maintain, a problem shared by all types of blacklists. Certificate revocation lists are also an inefficient method of distributing critical information in real time. When a certificate authority receives a CRL request from a browser, it returns a complete list of all the certificates that have been revoked. Although the CRL may be updated as often as hourly, this time gap could allow a revoked certificate to be accepted, particularly because CRLs are cached to avoid the overhead of repeatedly downloading them. If the CRL is not available, any operations that depend on certificate acceptance will be prevented, which may create a denial of service. Various other security vulnerabilities can also be present, mainly because different browsers handle CRLs differently. Unless it is an extended validation certificate, some browsers only check the validity of the server's certificate and do not attempt to check the entire chain of certificates required for validation. The Online Certificate Status Protocol (OCSP) is an alternative to using CRLs. Instead of having to download the latest CRL and check whether a requested URL is on the list, the browser sends the certificate for the site in question to the certificate authority.
The CA then returns a value of good, revoked, or unknown for that certificate. This approach transfers far less data, which does not need to be parsed before it can be used.
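The caching gap and the unavailable-CRL case described above, replayed on a constructed timeline (an added example, not from the original article). The class name, the serial number 0x1001 and the one-hour cache lifetime are assumptions made for illustration, and the list is a plain dictionary rather than a parsed X.509 CRL.

```python
from datetime import datetime, timedelta


class CachedCrl:
    """Client-side cache of a CA's revocation list (serial -> entry)."""

    def __init__(self, fetch, max_age):
        self.fetch = fetch        # callable that downloads the full list
        self.max_age = max_age    # how long a downloaded copy is reused
        self.entries = None
        self.fetched_at = None

    def status(self, serial, now):
        expired = self.entries is None or now - self.fetched_at >= self.max_age
        if expired:
            try:
                self.entries = dict(self.fetch())  # keep a private copy
                self.fetched_at = now
            except OSError:
                return "unavailable"  # caller must refuse the certificate
        return "revoked" if serial in self.entries else "good"


def simulate():
    """Replay a constructed timeline; return what the client concluded."""
    ca_list = {}          # the CA's authoritative list (constructed data)
    ca_online = [True]

    def fetch():
        if not ca_online[0]:
            raise OSError("CRL distribution point unreachable")
        return ca_list

    t0 = datetime(2024, 1, 1, 12, 0)
    crl = CachedCrl(fetch, max_age=timedelta(hours=1))
    seen = [crl.status(0x1001, t0)]                              # first download
    # Ten minutes later the CA revokes the certificate.
    ca_list[0x1001] = (t0 + timedelta(minutes=10), "keyCompromise")
    seen.append(crl.status(0x1001, t0 + timedelta(minutes=20)))  # stale copy
    seen.append(crl.status(0x1001, t0 + timedelta(minutes=61)))  # refreshed
    ca_online[0] = False
    seen.append(crl.status(0x1001, t0 + timedelta(hours=3)))     # CA down
    return seen


if __name__ == "__main__":
    print(simulate())
```

The second lookup still reports the certificate as good because the cached copy predates the revocation; only the refresh after the cache lifetime picks it up.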