DIGITAL SIGNATURE
Jyotika dhingra1, spardha taneja2, ruchika khetan3
1
Computer Science & Engineering, Dronacharya College of Engineering, Gurgaon, Haryana.
2
Computer Science & Engineering, Dronacharya College of Engineering, Gurgaon, Haryana.
3
Computer Science & Engineering, Dronacharya College of Engineering, Gurgaon, Haryana
Abstract
Digital signatures concept is inherited from traditional paper-based signing and turns it into
a digital "fingerprint". Digital signatures allow us to easily migrate from hefty paper-based
processes to a secure and efficient document.
It is a type of asymmetric cryptography used to simulate the security properties of a
signature in digital.
This "fingerprint", is unique to both the signer and the document. This ensures that the
person who signed is the originator of the message. This fingerprint cannot be reused or
reassigned to anyone else at any time. The digital signature authenticates the originator of
the message and ensures that the message has not been modified after sending. If any
changes were made to the document after it was signed, they would automatically
invalidate the signature, thereby protecting against forgery.
Digital signatures help organizations to sustain signer authenticity, accountability, data
integrity and non-repudiation of documents and transactions.
Digital signature schemes normally give two algorithms, one for signing which involves the
user's secret or private key, and one for verifying signatures which involves the user's
public key. The output of the signature process is called the "digital signature”.
1. What is digital signature?
A digital signature is a series of mathematical processes and terms that transform data (e.g.,
a Word document, PDF, or XML file) into a uniquely coded message so that no other
person other than the originator could identify the text code.
Figure 1: Sample Digital Signature
1.1 Organizational Use
1. Sustain signer authenticity.
2. Accountability.
3. Data integrity.
4. Non-repudiation of documents and transactions.
1.2 Difference between digital and electronic signatures
 Digital signatures are Advanced or Secure Electronic Signatures whereas Electronic
signatures are electronic images that are physically or logically attached to the
signed data
 Digital signatures are a result of a cryptographic operation while adding a sentence
“I, Dipti Bahuguna, sign this document” is good enough to be considered as an
electronic signature.
 The digital signature cannot be copied, tampered or altered. On the other hand,
however, electronic signatures are easy to forge.
 Digital Signature is error free while Electronic one is error prone.
The technology behind digital signatures is a standard known as Public Key
Infrastructure (PKI), which guarantees security.
How digital signature looks like.
2. How it is created?
A digital signature is a series of mathematical processes that transform data (e.g., a Word
document, PDF, or XML file) into a uniquely coded “message digest” example md5
algorithm. The sender encrypts the message digest (known as digital signature), attaches it
to or embeds it in a file, and sends the package to the intended recipient. Once the package
is received and the message digest is decrypted, a determination of authenticity and
integrity can be made.
Digital signature creation usually involves two processes, one performed by the signer and
the other by the receiver of the digital signature:
•
Digital signature creation uses a hash result derived from and unique to both the
signed message and a given private key. For the hash result to be secure there must
be only a negligible possibility that the same digital signature could be created by
the combination of any other message or private key.
•
Digital signature verification is the process of checking the digital signature by
reference to the original message and a given public key, thereby determining
whether the digital signature was created for that same message using the private
key that corresponds to the referenced public key.
If the digital signature matches the identity of the sender one can be reasonably assured that
it was sent by the individual associated with the digital signature. If the message digests
receives the matched message digest as calculated by the recipient.
2.1 The Hash Function
A file (or other collection of data) is transformed into a message digest via a mathematical
function referred to as a “hash.” The hash function reduces the file to a smaller one with a
fixed number of bits. The smaller file contains some representation of the contents of the
actual document.
The hash function acts as any other mathematical formula – the result (message digest/digital
signature) will depend on the operand (file) to which the function is applied. Just as the
mathematical function “multiply by seven” will produce 49 when the operand is seven and 35
when the operand is five, the hash function will create a unique message digest based on the
contents of the file.
Often referred to as a “digital fingerprint,” the digital signature created by the hash function is
wholly unique because individual files have unique contents and characteristics.
There are a number of different hash functions in use including Rivet’s MD5, which reduces
a file to a 128-bit message digest, and NIST’s Secure Hash Algorithm (SHA), which creates a
160-bit message digest.
In addition to being a “collision free” algorithm, or one that creates a wholly unique message
digest, the digital signature created by the hash function should not be able to be reverse
engineered. In other words, given the result of the hash function (i.e., the message
digest/digital signature) it is virtually impossible to reconstruct the document or other
collection of data from that information.
2.3 Encryption
Once the message digest is created by the hash function, it is encrypted.
In order to encrypt any message, an individual requires a unique digital identity to which he
is bound (almost like a social security number). That unique identifier is given a pair of
“keys,” one private (known only to the individual) and one public (used by individuals
exchanging encrypted messages with the owner of the private key).
The keys are actually associated algorithms used to transform data (e.g., message contents)
into a format unintelligible to the human eye and then transform it back again. Only the
associated key can unlock content encrypted by the other.
Once the hash function has been applied to the file and the message digest created, the sender
uses his unique private key to encrypt it. Once encrypted, the digital signature can be
embedded in the file (enveloped) or attached to it as a separate file (detached). The package is
then dispatched to the intended recipient.
Upon receipt, the recipient “unlocks” the message digest via a public key associated with the
sender’s private key (asymmetric cryptography). If the public key successfully decrypts the
digital signature, the file has in fact been sent by the individual associated with the digital
identifier (or, worst case scenario, someone with access to that identifier).
The process of generating, assigning, and managing unique digital identifiers and issuing
keys is carried out by nationally-accredited third parties called Certificate Authorities (e.g.,
Symantec, or Microsoft Certificate Services, which run on Windows server operating
systems). These third parties and the policies that dictate the issuing of digital identifiers are a
large part of the Public Key Infrastructure (PKI) that makes the use of digital signatures and
other security measures feasible.
Also there is an alternative encryption process in which a sender and recipient use the same
key to encrypt and decrypt a file (symmetric encryption). However this is not supported by
digital signatures, which rely on the association between a digital identifier and an individual
to enforce the principle of non-repudiation. In other words, a sender whose digital signature is
attached to a file cannot deny having sent it because his “digital DNA” is associated with it.
Once the message digest has been decrypted the authenticity of the digital signature has been
established and the integrity of the file can be determined.
Once the recipient gets the file and decrypts the digital signature, the same hash function is
applied. If the message digest created on the recipient’s end is identical to the file’s message
digest, it has not been altered since the digital signature was attached or embedded. If there is
a discrepancy between the original and re-created digital signatures, the file has been altered
in some way.
3. Example
I agree
efcc61c1c03db8d8ea8569545c073c814a0ed755
My place of birth is at Gwalior.
fe1188eecd44ee23e13c4b6655edc8cd5cdb6f25
I am 62 years old.
0e6d7d56c4520756f59235b6ae981cdb5f9820a0
I am an Engineer.
ea0ae29b3b2c20fc018aaca45c3746a057b893e7
3.1 Applications

Aadhar cards
Encryption of resident data (PID block) at the time of capture using 2048 bit PKI.
 HMAC (Hmac tag) of PID block to eliminate tampering:
 Hash-based Message Authentication Code (HMAC) is a specific construction for
calculating a message authentication code (MAC) involving a cryptographic hash
function in combination with a secret key. As with any MAC, it is useful to
simultaneously verify both the data integrity and the authenticity of a message.
 AUA license key to enable/disable specific features.
 Digitally signed AUA packet for tamper proofing and authenticity.
How they are authenticated.
4. How to Validate Digital Signatures on e-Aadhar?
In case you see the ‘validity unknown’ icon on your e-Aadhar, please follow the
below procedure: 1) Right click on the ‘validity unknown’ icon and click on ‘Validate Signature’.
2) You will get the signature validation status window, click on ‘Signature
Properties’.
3)
Click on ‘Show Certificate.
4) Verify that there is a certification path named 'CCA India 2011'. This identifies
CCA India as the owner of the digital certificate that has been used when signing the
document.
5) Mark the certification path named 'CCA India 2011', click the 'Trust' tab and
then 'Add to Trusted Identities'.
6) Answer 'OK' to any security question that follows.
7) Check (√) the field for 'Use this certificate as a trusted root' and click 'OK' twice
to close this and the next window.
8) Click 'Validate Signature' to execute the validation.
5. Conclusion
It’s validity relieves both sender and receiver from being part of crime. It is very important
tool in business or any organisation for the authenticity of transaction in all types of
interaction through computer. Most advantage of digital signature is that it can never be
altered because the private key or password is known to the user who has signed the
document.
Digitally signed document can easily detect the act of fraud etc which can’t be easily
detected on a printed or written document.
6. References
http://www.altova.com/digital_signature_technology_primer.html
http://www.signix.com/blog/bid/93731/How-Does-it-Work-Digital-Signature-Technologyfor-Dummies
http://searchcio.techtarget.in/tutorial/Aadhar-project-UID-and-the-role-of-IT-in-its-success
https://eaadhaar.uidai.gov.in/ValidateDocumnet/ValidateDigitalSignatures.htm
http://www.scribd.com/doc/30742303/Digital-Signature-PPT
http://susurs.mii.lu.lv/juris/courses/AC2013/presentations/digital_signatures.ppt
http://www.stqc.gov.in/sites/upload_files/stqc/files/TestingMethodologies3july.pdf
https://tao.truststc.org/Members/yuanxue/network_security/Public%20resources/lecture12_
folder/lecture12
http://www.digitalsignature.co.nz/FAQ/Facts_about_digital_signatures.pdf
http://cca.gov.in/cca/sites/default/files/files/ccapresentation.ppt