
Digital Signature in CYBER SECURITY



A digital signature is a mathematical technique which validates the authenticity
and integrity of a message, software or digital document. It allows us to verify the
author name, date and time of signatures, and authenticate the message contents.
The digital signature offers far more inherent security and is intended to solve the
problem of tampering and impersonation (intentionally copying another person's
characteristics) in digital communications.

The computer-based business information authentication interrelates both
technology and the law. It also calls for cooperation between people of different
professional backgrounds and areas of expertise. Digital signatures are
different from other electronic signatures not only in terms of process and result,
but also in being more serviceable for legal purposes. Some
electronic signatures that are legally recognizable as signatures may not be as secure as
digital signatures and may lead to uncertainty and disputes.

Application of Digital Signature


The important reasons to implement digital signatures in communication are:

Authentication
Authentication is a process which verifies the identity of a user who wants to access
the system. In the digital signature, authentication helps to authenticate the
sources of messages.

Non-repudiation
Non-repudiation means assurance of something that cannot be denied. It ensures
that a party to a contract or communication cannot later deny the authenticity of
their signature on a document or in a file, or the sending of a message that they
originated.

Integrity
Integrity ensures that the message is real and accurate, and safeguards it from
unauthorized user modification during transmission.

Algorithms in Digital Signature


A digital signature consists of three algorithms:

1. Key generation algorithm

The key generation algorithm selects a private key at random from a set of possible
private keys. This algorithm provides the private key and its corresponding public
key.

2. Signing algorithm

A signing algorithm produces a signature for the document.

3. Signature verifying algorithm

A signature verifying algorithm either accepts or rejects the document's
authenticity.

How digital signatures work


Digital signatures are created and verified by using public key cryptography, also
known as asymmetric cryptography. By the use of a public key algorithm, such as
RSA, one can generate two keys that are mathematically linked: one is a private
key, and the other is a public key.

The user who is creating the digital signature uses their own private key to encrypt
the signature-related document. The only way to decrypt that document is
with the signer's public key.

This technology requires all the parties to trust that the individual who creates the
signature has been able to keep their private key secret. If someone has access to the
signer's private key, there is a possibility that they could create fraudulent
signatures in the name of the private key holder.

The steps which are followed in creating a digital signature are:

1. Select a file to be digitally signed.
2. The hash value of the message or file content is calculated. This message or
file content is encrypted by using a private key of a sender to form the digital
signature.
3. Now, the original message or file content along with the digital signature is
transmitted.
4. The receiver decrypts the digital signature by using a public key of a sender.
5. The receiver now has the message or file content and can compute its hash value.
6. The receiver compares this computed value with the original computed
value. The two need to be the same to ensure integrity.

Types of Digital Signature


Different document processing platforms support different types of digital
signatures. They are described below:

Certified Signatures
The certified digital signature documents display a unique blue ribbon across the
top of the document. The certified signature contains the name of the document
signer and the certificate issuer which indicate the authorship and authenticity of
the document.

Approval Signatures
The approval digital signatures on a document can be used in the organization's
business workflow. They help to optimize the organization's approval procedure.
The procedure involves capturing approvals made by us and other individuals and
embedding them within the PDF document. The approval signatures include
details such as an image of our physical signature, location, date, and official seal.

Visible Digital Signature


The visible digital signature allows a user to sign a single document digitally. This
signature appears on a document in the same way as signatures are signed on a
physical document.

Invisible Digital Signature


The invisible digital signatures carry a visual indication of a blue ribbon within a
document in the taskbar. We can use invisible digital signatures when we do not
have or do not want to display our signature but need to provide the authenticity
of the document, its integrity, and its origin.

Why would you use a digital signature?


Digital signatures increase the transparency of online interactions and develop
trust between customers, business partners, and vendors.

How do digital signatures work?


Familiarize yourself with the following terms to better understand how digital
signatures work:

• Hash function — A hash function (also called a "hash") is a fixed-length
string of numbers and letters generated from a mathematical algorithm and
an arbitrarily sized file such as an email, document, picture, or other type of
data. This generated string is unique to the file being hashed and is a
one-way function — a computed hash cannot be reversed to find other files that
may generate the same hash value. Some of the more popular hashing
algorithms in use today are Secure Hash Algorithm-1 (SHA-1), the Secure
Hashing Algorithm-2 family (SHA-2 and SHA-256), and Message Digest 5
(MD5).

• Public key cryptography — Public key cryptography (also known as
asymmetric encryption) is a cryptographic method that uses a key pair
system. One key, called the public key, encrypts the data. The other key, called
the private key, decrypts the data. Public key cryptography can be used
in several ways to ensure confidentiality, integrity, and authenticity. Public key
cryptography can:
    • Ensure integrity by creating a digital signature of the message using
    the sender's private key. This is done by hashing the message and
    encrypting the hash value with their private key. By doing this, any
    changes to the message will result in a different hash value.
    • Ensure confidentiality by encrypting the entire message with the
    recipient's public key. This means that only the recipient, who is in
    possession of the corresponding private key, can read the message.
    • Verify the user's identity using the public key and checking it against a
    certificate authority.

• Public key infrastructure (PKI) — PKI consists of the policies, standards,
people, and systems that support the distribution of public keys and the
identity validation of individuals or entities with digital certificates and a
certificate authority.

• Certificate authority (CA) — A CA is a trusted third party that validates a
person's identity and either generates a public/private key pair on their
behalf or associates an existing public key provided by the person to that
person. Once a CA validates someone's identity, they issue a digital certificate
that is digitally signed by the CA. The digital certificate can then be used to
verify a person associated with a public key when requested.

• Digital certificates — Digital certificates are analogous to driver licenses in
that their purpose is to identify the holder of a certificate. Digital certificates
contain the public key of the individual or organization and are digitally
signed by a CA. Other information about the organization, individual, and CA
can be included in the certificate as well.

• Pretty Good Privacy (PGP)/OpenPGP — PGP/OpenPGP is an alternative to
PKI. With PGP/OpenPGP, users "trust" other users by signing certificates of
people with verifiable identities. The more interconnected these signatures
are, the higher the likelihood of verifying a particular user on the internet.
This concept is called the "Web of Trust."

Digital signatures work by proving that a digital message or document was not
modified—intentionally or unintentionally—from the time it was signed. Digital
signatures do this by generating a unique hash of the message or document and
encrypting it using the sender's private key. The hash generated is unique to the
message or document, and changing any part of it will completely change the hash.

Once completed, the message or digital document is digitally signed and sent to the
recipient. The recipient then generates their own hash of the message or digital
document and decrypts the sender's hash (included in the original message) using
the sender's public key. The recipient compares the hash they generate against the
sender's decrypted hash; if they match, the message or digital document has not
been modified and the sender is authenticated.

Why should you use PKI or PGP with digital signatures?

Using digital signatures in conjunction with PKI or PGP strengthens them and
reduces the possible security issues connected to transmitting public keys by
validating that the key belongs to the sender and verifying the identity of the
sender. The security of a digital signature is almost entirely dependent on how well
the private key is protected. Without PGP or PKI, proving someone's identity or
revoking a compromised key is impossible; this could allow malicious actors to
impersonate someone without any method of confirmation.

Through the use of a trusted third party, digital signatures can be used to identify
and verify individuals and ensure the integrity of the message.

As paperless, online interactions are used more widely, digital signatures can help
you secure and safeguard the integrity of your data. By understanding and using
digital signatures, you can better protect your information, documents, and
transactions.

Digital Signature
A digital signature is a mathematical technique used to validate the authenticity
and integrity of a message, software, or digital document.

1. Key Generation Algorithms: Digital signatures are electronic signatures, which
assure that the message was sent by a particular sender. While performing
digital transactions, authenticity and integrity should be assured; otherwise,
the data can be altered or someone can also act as if he was the sender and
expect a reply.

2. Signing Algorithms: To create a digital signature, signing algorithms like
email programs create a one-way hash of the electronic data which is to be
signed. The signing algorithm then encrypts the hash value using the private
key (signature key). This encrypted hash along with other information like the
hashing algorithm is the digital signature. This digital signature is appended
to the data and sent to the verifier. The reason for encrypting the hash
instead of the entire message or document is that a hash function converts any
arbitrary input into a much shorter fixed-length value. This saves time, as now
instead of signing a long message a shorter hash value has to be signed, and
moreover hashing is much faster than signing.

3. Signature Verification Algorithms: The verifier receives the digital signature along
with the data. It then uses the verification algorithm to process the digital
signature and the public key (verification key) and generates some value. It
also applies the same hash function to the received data and generates a hash
value. If they both are equal, then the digital signature is valid; else it is invalid.

The steps followed in creating a digital signature are:

1. The message digest is computed by applying a hash function to the message, and
then the message digest is encrypted using the private key of the sender to form the digital
signature. (digital signature = encryption(private key of sender, message
digest) and message digest = message digest algorithm(message)).
2. The digital signature is then transmitted with the message. (message + digital
signature is transmitted)
3. The receiver decrypts the digital signature using the public key of the sender. (This
assures authenticity, as only the sender has his private key, so only the sender can
encrypt using his private key, which can thus be decrypted by the sender’s public
key.)
4. The receiver now has the message digest.
5. The receiver can compute the message digest from the message (the actual
message is sent with the digital signature).
6. The message digest computed by the receiver and the message digest (got by
decryption of the digital signature) need to be the same to ensure integrity.

Message digest is computed using one-way hash function, i.e. a hash function in
which computation of hash value of a message is easy but computation of the
message from hash value of the message is very difficult.

Assurances about digital signatures


The definitions and words that follow illustrate the kind of assurances that digital
signatures offer.
1. Authenticity: The identity of the signer is verified.
2. Integrity: Since the content was digitally signed, it hasn’t been altered or
interfered with.
3. Non-repudiation: Demonstrates the source of the signed content to all parties.
The act of a signer denying any affiliation with the signed material is known as
repudiation.
4. Notarization: Under some conditions, a signature in a Microsoft Word,
Microsoft Excel, or Microsoft PowerPoint document that has been
time-stamped by a secure time-stamp server is equivalent to a notarization.

Benefits of Digital Signatures


• Legal documents and contracts: Digital signatures are legally binding. This
makes them ideal for any legal document that requires a signature
authenticated by one or more parties and guarantees that the record has not
been altered.
• Sales contracts: Digital signing of contracts and sales contracts authenticates
the identity of the seller and the buyer, and both parties can be sure that the
signatures are legally binding and that the terms of the agreement have not
been changed.
• Financial Documents: Finance departments digitally sign invoices so
customers can trust that the payment request is from the right seller, not from
a bad actor trying to trick the buyer into sending payments to a fraudulent
account.
• Health Data: In the healthcare industry, privacy is paramount for both
patient records and research data. Digital signatures ensure that this
confidential information was not modified when it was transmitted between
the consenting parties.

Drawbacks of Digital Signature


• Dependency on technology: Because digital signatures rely on technology,
they are susceptible to crimes, including hacking. As a result, businesses that
use digital signatures must make sure their systems are safe and have the most
recent security patches and upgrades installed.
• Complexity: Setting up and using digital signatures can be challenging,
especially for those who are unfamiliar with the technology. This may result in
blunders and errors that reduce the system’s efficacy. The process of issuing
digital signatures to senior citizens can occasionally be challenging.
• Limited acceptance: Digital signatures take time to replace manual ones
since technology is not widely available in India, a developing nation.

Digital Certificate
A digital certificate is issued by a trusted third party, which proves the sender’s identity
to the receiver and the receiver’s identity to the sender.
A digital certificate is a certificate issued by a Certificate Authority (CA) to verify
the identity of the certificate holder. A digital certificate is used to attach a public key
to a particular individual or entity.

Digital certificate contains


• Name of certificate holder.
• Serial number which is used to uniquely identify a certificate, the individual or
the entity identified by the certificate.
• Expiration dates.
• Copy of certificate holder’s public key (used for decrypting messages and
digital signatures).
• Digital signature of the certificate issuing authority.

The digital certificate is also sent with the digital signature and the message.

Advantages of Digital Certificate


• NETWORK SECURITY: A complete, layered strategy is required by modern
cybersecurity methods, wherein many solutions cooperate to offer the highest
level of protection against malevolent actors. An essential component of this
puzzle is digital certificates, which offer strong defence against manipulation
and man-in-the-middle assaults.
• VERIFICATION: Digital certificates facilitate cybersecurity by restricting
access to sensitive data, which makes authentication a crucial component of
cybersecurity. Thus, there is a decreased chance that hostile actors will cause
chaos. At many different endpoints, certificate-based authentication provides a
dependable method of identity verification. Compared to other popular
authentication methods like biometrics or one-time passwords, certificates are
more flexible.
• BUYER SUCCESS: Astute consumers demand complete assurance that the
websites they visit are reliable. Because digital certificates are supported by
certificate authorities that users’ browsers trust, they offer a readily identifiable
indicator of reliability.

Disadvantages of Digital Certificate


• Phishing attacks: To make their websites look authentic, attackers can
fabricate bogus websites and obtain certificates. Users may be fooled into
providing sensitive information, such as their login credentials, which the
attacker may then take advantage of.
• Weak encryption: Older digital certificate systems may employ less secure
encryption methods that are open to intrusions.
• Misconfiguration: In order for digital certificates to work, they need to be set
up correctly. Websites and online interactions can be attacked due to
incorrectly configured certificates.

Digital certificate vs digital signature


A digital signature is used to verify authenticity, integrity and non-repudiation, i.e. it
assures that the message is sent by the known user and not modified, while a
digital certificate is used to verify the identity of the user, maybe sender or
receiver. Thus, digital signatures and certificates are different kinds of things, but
both are used for security. Most websites use digital certificates to enhance the trust of
their users.

Electronic Signature
An electronic signature is a digital form of a wet ink signature which is legally
binding and secure, but it does not incorporate any coding or standards. It can be
a symbol, image or process attached to the message or document to recognize the
identity and to give consent on it. When we need to only verify the document, we
use an electronic signature. The validation of an electronic signature is not performed
by any trusted certificate authorities or trust service providers, so it is not usually
authorized. An electronic signature is easier to use than a digital signature, but it is
less secure and less authentic than a digital signature.

Advantages:
• Convenience: Electronic signatures can be signed remotely from any location,
making it easier for individuals and businesses to sign documents without
having to be physically present.
• Time-saving: Electronic signatures can be signed instantly, saving time
compared to traditional paper signatures that require mailing, scanning, or
faxing.
• Cost-effective: Electronic signatures can save businesses money on paper, ink,
postage, and storage costs.
• Security: Electronic signatures can be secured using encryption and
authentication protocols, making it difficult for unauthorized persons to access
the signature.

Disadvantages:
• Legal recognition: Electronic signatures may not be legally recognized in all
countries, making it important to check the laws and regulations in the
relevant jurisdiction.
• Technical issues: Electronic signatures can be vulnerable to technical issues,
such as system failures, power outages, and hacking attacks.
• Dependence on technology: Electronic signatures require the use of
technology, such as computers and internet connections, which can be a
disadvantage in areas with limited technological infrastructure.

Similarities:
• Both are used to sign electronic documents and authenticate the identity of the
signer.
• Both are alternatives to traditional ink signatures on paper documents.
• Both can be used for remote signing, allowing individuals and businesses to
sign documents from any location.
• Both can save time and money compared to traditional paper-based
signatures.
• Both can be secured using encryption and authentication protocols, providing
a level of security to the signature.
• Both can be used to comply with legal requirements for signing documents in
various jurisdictions.
• Both can be used for a wide range of applications, including business contracts,
financial transactions, and legal documents.
• Both have become increasingly popular in the digital age, as more and more
transactions and communications are conducted online.
• Both can be used to verify the integrity and authenticity of the signed
document.
• Both can help to reduce the risk of fraud and unauthorized access to signed
documents.

Difference between Electronic Signature and Digital Signature: