An electronic signature is a mathematical scheme for demonstrating the authenticity of electronic messages or documents. A valid digital signature gives the recipient every reason to believe that the message was created by the known sender, that it was indeed sent (authentication and reliability), and that the message was not changed in transit (integrity).
To answer the question "EDS - what is it?", it is worth noting that digital signatures are a standard element of most cryptographic protocol suites and are commonly used for software distribution, financial transactions, and in many other cases where it is important to detect forgery or falsification.
Digital signatures are often used to implement electronic signatures. The latter is a broader term that refers to any data in electronic form. However, not every electronic signature is digital.
Digital signatures use asymmetric cryptography. In many cases they provide a level of verification and security for messages sent over an insecure channel. When correctly implemented, a digital signature gives reason to believe that the message was sent by the declared sender. Digital stamps and signatures are equivalent to handwritten signatures and physical stamps.
EDS - what is it?
Digital signatures are similar to traditional handwritten signatures in many ways, and are more difficult to forge than handwritten ones. Digital signature schemes rest on cryptographic foundations and must be implemented properly in order to be effective. How is a digital signature made? It requires two paired cryptographic keys.
EDS can also provide non-repudiation (reliability). This means that the signer cannot later successfully claim that they did not sign the message. In addition, some schemes offer a timestamp for the digital signature, so that even if the private key is later compromised, the signature made earlier remains valid. An EDS can be represented as a bit string and can be applied to e-mail, contracts, or messages sent using any cryptographic protocol.
Public key cryptography or EDS structure
What is it? A digital signature scheme consists of three algorithms:
- a key generation algorithm, which selects a secret key uniformly at random from the set of possible keys and outputs the secret key together with its paired public key;
- a signing algorithm, which, given the message and the private key, produces the signature;
- a signature verification algorithm, which takes the message, the public key and the signature and either accepts or rejects the message's claim to authenticity.
How to install a digital signature?
In order to be usable, a digital signature must have two basic properties. What needs to be considered before signing a document with a digital signature?
First, the authenticity of a signature generated from a fixed message and a secret key can be verified using the corresponding public information.
Secondly, it should be computationally infeasible to produce a valid signature without knowing the secret key. EDS is an authentication mechanism that lets the creator of a message attach a code that acts as a signature.
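As an added example (not code from the original article), the three algorithms of the scheme and the two properties just listed, written in Go with the standard library's Ed25519 implementation. Key generation draws the secret key at random and outputs it with its paired public key; signing takes the message and the private key; verification takes the message, the public key and the signature and accepts or rejects. The two rejected cases, an altered message and a wrong public key, are exactly what the Authentication and Integrity sections below rely on. The sample message and the names Alice and Bob are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// KeyPair is the output of the key generation algorithm: a secret key and
// the public key paired with it.
type KeyPair struct {
	Public  ed25519.PublicKey
	Private ed25519.PrivateKey
}

// GenerateKeys is the key generation algorithm. Ed25519 draws the secret
// key uniformly at random from crypto/rand and derives the public key from it.
func GenerateKeys() (KeyPair, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return KeyPair{}, err
	}
	return KeyPair{Public: pub, Private: priv}, nil
}

// Sign is the signing algorithm: message and secret key in, signature out.
func Sign(priv ed25519.PrivateKey, message []byte) []byte {
	return ed25519.Sign(priv, message)
}

// Verify is the verification algorithm: message, public key and signature
// in, accept (true) or reject (false) out.
func Verify(pub ed25519.PublicKey, message, signature []byte) bool {
	return ed25519.Verify(pub, message, signature)
}

// Result records which of three verification attempts were accepted.
type Result struct {
	Genuine  bool // signed message, correct public key
	Tampered bool // message altered after signing, correct public key
	WrongKey bool // signed message, but a different party's public key
}

// Demo runs the three algorithms over a constructed sample message. Only the
// genuine case should be accepted: altering the message after signing or
// verifying under the wrong public key must both be rejected.
func Demo() (Result, error) {
	alice, err := GenerateKeys() // constructed party: the signer
	if err != nil {
		return Result{}, err
	}
	bob, err := GenerateKeys() // constructed party: an unrelated key holder
	if err != nil {
		return Result{}, err
	}

	message := []byte("Pay 100 units to account 42") // constructed sample
	signature := Sign(alice.Private, message)

	// Integrity: a one-character change after signing invalidates the signature.
	altered := []byte("Pay 900 units to account 42")

	return Result{
		Genuine:  Verify(alice.Public, message, signature),
		Tampered: Verify(alice.Public, altered, signature),
		WrongKey: Verify(bob.Public, message, signature),
	}, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine accepted: %v\n", r.Genuine)
	fmt.Printf("tampered accepted: %v\n", r.Tampered)
	fmt.Printf("wrong-key accepted: %v\n", r.WrongKey)
}
```

The second property (no valid signature without the secret key) is what makes the `WrongKey` case fail: Bob's public key corresponds to a secret key that never signed the message, so the verification equation does not hold.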
The use of digital signatures
As modern organizations gradually move away from paper documents with ink signatures, EDS can provide additional authentication and proof of authorship, identity and document status. In addition, a digital signature can serve to confirm the informed consent and approval of the signatory. Thus, EDS for individuals is a reality.
Authentication
Although a letter may include detailed information about its sender, it is not always possible to reliably determine who sent it. Digital signatures can be used to authenticate the source of a message. When the EDS secret key is bound to a specific user, a valid signature confirms that the message was sent by that user. Confidence that the sender is genuine is especially important in financial matters.
Integrity
In many scenarios, the sender and the recipient of a letter need reliable confirmation that it was not changed in transit. Although encryption hides the contents of the sent object, it may still be possible to change an encrypted message without understanding its meaning. Some encryption algorithms can prevent this, but not all. In any case, checking the digital signature during decryption will detect a violation of the letter's integrity.
However, if the message is digitally signed, any change to it after signing will invalidate the signature. Moreover, there is no efficient way to modify a message and produce a new valid signature for it, because doing so is considered computationally infeasible.
Non-repudiation
Non-repudiation, or the impossibility of denying the origin of a document, is an important aspect of EDS. What does it mean? That the entity that sent some information cannot later deny having signed it. Likewise, access to the public key does not allow attackers to forge a valid signature. The use of EDS by individuals has the same consequences.
At the same time, note that all of these properties (authenticity, non-repudiation, etc.) depend on the secret key, which must not have been revoked before its use. Public keys must also be revoked together with their secret keys after use. Checking an EDS for revocation is done on a specific request.
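The timestamp mentioned earlier and the revocation check described here fit together, and the following added Go example (not code from the original article) shows how. It assumes a trusted timestamp authority (TSA) with its own Ed25519 key that countersigns a hash of the signer's signature together with the time it saw it; that TSA, the `Timestamp` and `VerifyWithRevocation` functions, and the revocation record are all assumptions of the example. A verifier then accepts a signature only if the TSA proof holds, the signature verifies under the signer's public key, and the attested signing time precedes the key's revocation time, so a signature made before a compromise stays valid while one made afterwards is rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// TimestampedSignature couples the signer's signature with a signing time
// attested by a trusted timestamp authority (TSA). The TSA is an assumption
// of this example: it countersigns SHA-256(signature) || time.
type TimestampedSignature struct {
	Signature []byte // signer's signature over the message
	SignedAt  int64  // Unix time at which the TSA saw the signature
	TSAProof  []byte // TSA signature binding Signature to SignedAt
}

// tsaInput is the byte string the TSA signs: hash of the signature, then the
// time as 8 big-endian bytes, so neither field can be swapped afterwards.
func tsaInput(signature []byte, signedAt int64) []byte {
	h := sha256.Sum256(signature)
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(signedAt))
	return append(h[:], ts[:]...)
}

// Timestamp is the TSA's operation: it attests when the signature existed.
func Timestamp(tsaPriv ed25519.PrivateKey, signature []byte, at time.Time) TimestampedSignature {
	unix := at.Unix()
	return TimestampedSignature{
		Signature: signature,
		SignedAt:  unix,
		TSAProof:  ed25519.Sign(tsaPriv, tsaInput(signature, unix)),
	}
}

// VerifyWithRevocation accepts a timestamped signature only if the TSA proof
// is valid, the signer's signature verifies, and the attested signing time
// precedes the key's revocation time (revokedAt == nil means not revoked).
func VerifyWithRevocation(signerPub, tsaPub ed25519.PublicKey, message []byte,
	ts TimestampedSignature, revokedAt *time.Time) error {
	if !ed25519.Verify(tsaPub, tsaInput(ts.Signature, ts.SignedAt), ts.TSAProof) {
		return errors.New("timestamp proof is not from the trusted TSA")
	}
	if !ed25519.Verify(signerPub, message, ts.Signature) {
		return errors.New("signature does not verify under signer's public key")
	}
	if revokedAt != nil && !time.Unix(ts.SignedAt, 0).Before(*revokedAt) {
		return errors.New("signing key was revoked at or before the attested signing time")
	}
	return nil
}

// Outcome records the verdict for signatures timestamped before and after
// the key was revoked (nil means accepted).
type Outcome struct {
	BeforeRevocation error
	AfterRevocation  error
}

// Scenario: the signer's key is revoked one hour after a constructed signing
// time. A signature timestamped before the revocation stays valid; the same
// signature timestamped after it is rejected.
func Scenario() (Outcome, error) {
	signerPub, signerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	tsaPub, tsaPriv, err := ed25519.GenerateKey(rand.Reader) // assumed TSA key
	if err != nil {
		return Outcome{}, err
	}
	message := []byte("constructed contract text")                // constructed
	signedAt := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)       // constructed
	revokedAt := signedAt.Add(time.Hour)                           // constructed
	signature := ed25519.Sign(signerPriv, message)

	early := Timestamp(tsaPriv, signature, signedAt)
	late := Timestamp(tsaPriv, signature, revokedAt.Add(time.Hour))
	return Outcome{
		BeforeRevocation: VerifyWithRevocation(signerPub, tsaPub, message, early, &revokedAt),
		AfterRevocation:  VerifyWithRevocation(signerPub, tsaPub, message, late, &revokedAt),
	}, nil
}

func main() {
	o, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("timestamped before revocation:", o.BeforeRevocation)
	fmt.Println("timestamped after revocation:", o.AfterRevocation)
}
```

The order of the checks matters: the TSA proof is verified first, because the signing time is only trustworthy once it is known that the TSA, and not the holder of a stolen signing key, asserted it.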
Entering a secret key on a smart card
All cryptosystems based on public/private key pairs depend entirely on keeping the private key secret. The EDS secret key can be stored on the user's computer and protected with a local password. However, this method has two disadvantages:
- the user can sign documents only on that particular computer;
- the security of the private key depends entirely on the security of the computer.
A more reliable alternative for storing a private key is a smart card. Many smart cards are designed to be tamper-resistant.
Typically, the user must activate the smart card by entering a personal identification number (PIN), thus providing two-factor authentication. It can be arranged so that the private key never leaves the smart card, although this is not always implemented in crypto EDS products.
If the smart card is stolen, the attacker will still need the PIN to create a digital signature. This somewhat reduces the security of this scheme. A mitigating factor is that keys generated and stored on smart cards are usually difficult to copy; they are assumed to exist in only one instance. Thus, when the owner discovers the loss of a smart card, the corresponding certificate can be revoked immediately. Software-only private keys are easier to copy, and such leaks are much harder to detect. Therefore, the use of EDS without additional protection is unsafe.