Tuesday, April 19, 2011

Digital Signature By Farah Abu Sahliya

A signature states that the signer accepts and agrees with what is written in the document. But how would you do that for an electronic document? The answer is digital signature technology. There are many questions to answer about digital signatures: What is a digital signature? What is needed to create one? How does it work? What is it used for? What are its advantages? And what are its disadvantages? I hope to answer these questions in this report.

A digital signature is a type of electronic signature that uses public key cryptography (asymmetric cryptography) so that the receiver of an electronic document (e-mail, spreadsheet, text, etc.) can know who created it and that it hasn’t been altered since its creation.

To create a digital signature you need a verification program and a private key, while the receiver must possess your public key. The verification program’s job is to calculate a certain value for the file; this value is called a hash value, or message digest. The sender uses the private key to encrypt the hash value, while the receiver uses the sender’s public key to decrypt it.

The following example simplifies how digital signature systems work: Bob wants to send an important document securely by e-mail to Mr. Smith, so he uses a digital signature. After writing the e-mail, he uses the verification program to calculate a hash value for it. He then uses his private key to encrypt the hash value; this encrypted hash value is the digital signature, which is attached to the e-mail and sent to Mr. Smith. When the e-mail reaches Mr. Smith, he uses the verification program to calculate the hash value for the e-mail himself. He then uses Bob’s public key to decrypt the hash value that Bob sent, recovering the value that Bob calculated. Finally, he compares the two values; if they are equal, he knows that the e-mail is authentic. This process is shown in a figure from ghacks.net.

Digital signatures are used for authentication, integrity and non-repudiation [1] (Olzak 2006). Authentication means that the receiver knows who sent the document. Integrity means that the receiver knows that the document hasn’t been altered in transit. Non-repudiation is a legal term that, in this case, basically means that the sender can’t successfully deny having sent the document while at the same time stating that his/her private key is secure.
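The Bob and Mr. Smith exchange, and the authentication and integrity checks just described, as an added example that is not part of the original post. It uses textbook RSA on a SHA-256 hash with constructed toy keys and hypothetical function names; production systems use a padded scheme such as RSA-PSS from a vetted library and randomly generated secret primes.

```python
import hashlib

E = 65537  # public exponent


def make_key(p: int, q: int):
    """Build a textbook RSA key from two primes: (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# Constructed toy keys from known Mersenne primes so the example runs offline.
# Real keys use random secret primes; these are for illustration only.
BOB_N, BOB_D = make_key(2**521 - 1, 2**607 - 1)
EVE_N, EVE_D = make_key(2**1279 - 1, 2**2203 - 1)  # someone who is not Bob


def digest(message: bytes) -> int:
    """Hash value (message digest) of the document, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, n: int, d: int) -> int:
    """Sender: transform the hash value with the private key (n, d)."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, n: int) -> bool:
    """Receiver: recover the signed hash with the public key (n, E) and
    compare it with a hash computed over the document as received."""
    if not 0 <= signature < n:
        return False
    return pow(signature, E, n) == digest(message)


def demo() -> dict:
    email = b"Mr. Smith, please transfer 100 USD to account 1042. Bob"  # constructed
    sig = sign(email, BOB_N, BOB_D)
    return {
        "genuine": verify(email, sig, BOB_N),
        "altered_document": verify(email.replace(b"100", b"900"), sig, BOB_N),
        "altered_signature": verify(email, sig ^ 1, BOB_N),
        "signed_by_other_key": verify(email, sign(email, EVE_N, EVE_D), BOB_N),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'REJECTED'}")
```

Only the unmodified e-mail with Bob's own signature verifies under Bob's public key; a changed document, a changed signature, or a signature made with another private key is rejected.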

Digital signatures have 3 advantages. First, digital signatures can prevent imposters from stealing or changing the document, as any slight change to the document will change the hash value. Second, the receiver can know that the document is the real document sent by the sender; this is called message integrity. And finally, every legal or financial document must be signed by whomever the document concerns, and digital signatures fulfill these legal requirements for electronic documents.

The disadvantage of digital signatures is that they are more expensive than regular signatures, as you must buy the verification programs and the private and public keys, which are issued by the Certificate Authority [2] (Methods of Solutions 2010).

I believe that even though digital signature is more expensive it still is a great way to securely transfer information. Public key cryptography makes it difficult for a hacker to steal the information, while keeping message integrity for the document at the same time. And I really hope that this technology is implemented here in Palestine.


References:
1: Olzak, T 2006, Electronic Signatures and the Law. 1 April 2006. Adventures in Security. Available from:
2: Method of Solutions 2010, Definition, Advantages And Disadvantages Of Digital Signatures. Available from: http://dulawat.com/2010/07/18/definition-advantages-and-disadvantages-of-digital-signatures

2 comments:

  2. A picture is always better than hundreds of words. The way you explained the things about digital signatures is really very good. Thanks for writing such an informative blog. Keep it up! The definition that you gave is really easy to understand and correlate for those who are new to this term.
