Introducing Digital Signatures
Digital signatures are to electronic documents what human signatures are to paper documents. Like paper signatures, they bear testimony to the authenticity of the document by the sender.
To the naked eye, digital signatures are nothing more than a sequence of meaningless numbers and digits. But for applications that understand them, they are unique thumbprints of a private document in encrypted format.
The process of digital signing is as follows:
The sender application uses a specific mathematical formula to compute a digital signature of a secure document to be transmitted across the network. The formula takes two inputs: the actual data inside the document and a secret private key that is held only by the sender.
This digital signature is appended with the original document (encrypted, in most of the cases) and transmitted.
The receiving application uses another mathematical formula to ensure the validity of the digital signature. In this case, the formula takes three inputs: the data received by the receiver, the sender's public key (which is linked to the private key of the sender), and the accompanying digital signature.
How do digital signatures address non-repudiation and integrity? As follows:
Non-repudiation: Because digital signatures are generated with the sender's private key, which is held only by the sender and not available to anybody else, it assures that the sender is indeed who he claims to be. During signature verification, the receiver uses a corresponding public key, which is linked to the private key of the sender. This ensures that the sender's private key is authentic. Thus, digital signatures assure non-repudiation.
Digital signatures are very sensitive to any changes made in the original signed document. If any minor changes are observed in the original document during signature verification, the signature verification process fails! Thus, digital signatures assure the integrity of the transmitted data. In fact, the signatures are so sensitive to minor changes such as white spaces that it necessitated the formulation of a preprocessing algorithm called canonicalization process (discussed later).
Those who have read my earlier article on encryption will realize that digital signature is the converse of encryption. For the former, the private key held at the receiving end ensures confidentiality; for the latter, the private key held at the sending end assures non-repudiation and integrity.
XML signatures represent the evolution of digital signature technology, as applied to XML documents with direct implications to Web services security.