A digital signature is an electronic signature that can be used to authenticate the identity of the sender for the message or the signer of a document and to ensure that the original content of the message and document that has been sent is unchanged. Digital signatures are easily transportable, can’t be imitated by someone else, and can be automatically time-stamped. A digital signature can be used with any kind of message, whether it is encrypted or plaintext.
Thus Digital Signatures provide the following three features:
Authentication: Digital signatures are used to authenticate the source of messages. The ownership for the digital signature key is bound for the specific user and thus a valid signature shows that the message was sent by that user.
Integrity: In many scenarios, the sender and receiver of a message need assurance that the message has not been altered during transmission. Digital Signatures provide this feature by using cryptographic message digest functions.
Non Repudiation: Digital signatures ensure that the sender who has signed the information cannot at a later time deny having signed it.
How Digital Signatures work
The Digital Signatures require a key pair (asymmetric key pairs, mathematically related large numbers) called the Public and Private Keys. Just as physical keys are used for the locking and unlocking, in cryptography, the equivalent functions are encryption and decryption. The private key is kept confidential with the owner usually on a secure media like crypto smart card and crypto token.
The public key is shared with everyone. Information encrypted by a private key can only be decrypted using the corresponding public key. In order to digitally sign an electronic document, the sender uses his or her Private Key. In order to verify the digital signature, the recipient uses the sender’s Public Key. For assume you are going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you had sent and that it is really from you.
1. You copy-and-paste the contract into an e-mail note. Get electronic form of a document ( for instance: word or pdf file)
2. Using special software, you obtain a message hash (fixed size bit string) of the contract.
3. You then use your private key to encrypt the hash.
4. The encrypted hash becomes your digital signature of the contract and is appended to the contract.
At the other end, your lawyer receives the message.
1. To make sure the contract is intact and from you, your lawyer generates a hash of the received contract.
2. Your lawyer then uses your public key to decrypt the Digital Signature received with the contract.
3. If the hash generated from the Digital Signature matches the one generated in Step 1, the integrity of the received contract is verified.
Difference between Electronic Signatures and Digital signatures
An electronic signature means authentication of an electronic record by a subscriber by means of electronic techniques. An Amendment to IT Act in 2008 has introduced the term electronic signatures. The implication of this Amendment is that it has helped to broaden the scope of the IT Act to include new techniques as and when technology becomes available for signing electronic records apart from Digital Signatures.
Digital Signature Certificates
Certificates serve as identity of an individual for a certain purpose, for example: a driver's license identifies someone who can legally drive in a particular country. Likewise, a Digital Signature Certificate (DSC) can be presented electronically to prove your identity and your right to access information or services on the Internet.
A Digital Signature Certificate is an electronic document which uses a digital signature to bind together a public key with an identity, information such as the name of a person or an organization, their address and so forth. The certificate can be used to verify that a public key belongs to the individual. Digital certificates are the digital equivalent (for example: electronic format) of physical or paper certificates.
Examples of physical certificates are driver's licenses, passports or membership cards. Digital Signature Certificates are endorsed by a trusted authority empowered by law to issue them, known as the Certifying Authority or CA. The CA is responsible for vetting all applications for Digital Signature Certificates, and once satisfied, generates a Digital Certificate by digitally signing the Public key of the individual along with other information using its own Private Key.
The eSign is the way forward for a secure and time efficient way of signing documents. Built on top of the foundation laid down by Aadhaar, it authenticates the user securely and provides a seamless interface to digitally sign any document. And as a user in a competitive world, you can be the person who moves at a digital speed and can be the person waiting for the ink to dry.
Lorem ipsum viverra feugiat. Pellen tesque libero ut justo, ultrices in ligula. Semper at. Lorem ipsum dolor sit amet elit. Non quae, fugiat nihil ad. Lorem ipsum dolor sit amet. Lorem ipsum init dolor sit, amet elit. Dolor ipsum non velit, culpa! elit ut et.
Lorem ipsum dolor sit amet elit. Velit beatae rem ullam dolore nisi esse quasi, sit amet. Lorem ipsum dolor sit amet elit.
