Using Digital Signatures

Much like written signatures, digital signatures may be used to authenticate an associated input. In the written sense, we might find a signature providing authentication on anything from a letter to a legal contract. In the digital sense, a digital signature's input is called a "message." These messages may be anything. They might be an e-mail or a legal contract, or it might even be a message sent in a more complicated cryptographic protocol.

These digital signatures are used to create public key infrastructure (PKI) schemes wherein a user's public key (whether for public key encryption, digital signatures, or another purpose) is linked to a user by a digital identity certificate issued by a certificate authority (CA). These PKI schemes seek to create an unbreakable bond between the user's information (such as name, address, and phone number) and the public key. This relationship allows the user to use these public keys as a form of electronic identification.

Let's look at an example. Figure 13-6 shows the process of using a digital signature to support a PKI scheme in which the user's public key is linked to the user through the digital certificate issued by the CA.

Figure 13-6 PKI

Certificate Authority - Issues the Digital Certificate

Validation Authority - Validates the Authenticity of the Certificate

Key Topic

Registration Authority - Links Certificate to the User's Public Key

A PKI may be used to secure both communications between users, as well as to secure transactions such as e-commerce purchases.

480 Chapter 13: Implementing Digital Signatures Here is how the process works:

1. The user's identity is bound to his public key through the CA. This is carried out through the binding and issuance process.

2. The actual binding of the certificate is done by the registration authority (RA).

3. After the binding, the user may use this certificate to represent himself and in the creation of messages.

4. The user may freely distribute his public key to those with whom he wants to communicate.

5. To provide authenticity of a message, the user may sign his message using his private key. Recipients may then validate the message's authenticity by applying the sender's public key.

6. To secure communications with the holder of the public/private key pair, the user can encrypt a message with the recipient's public key. This message then may be decrypted only through the use of the recipient's private key.

A digital signature (or digital signature scheme) is a form of asymmetric cryptography that is used to simulate the security characteristics of a written signature in digital form. Digital signature schemes typically use two algorithms that employ a pair of public and private keys. One algorithm is used for signing, which involves the user's secret or private key. The other is used to verify these signatures. This typically involves the use of the user's public key. The end result of this signature process is called the digital signature. It has widespread use in electronic security.

0 0

Post a comment