Let starts with the intro of DS.
A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it.
Digital signatures rely on certain types of encryption to ensure authentication. Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Authentication is the process of verifying that information is coming from a trusted source. These two processes work hand in hand for digital signatures.
There are several ways to authenticate a person or information on a computer:
Password: The use of a user name and password provide the most common form of authentication. You enter your name and password when prompted by the computer. It checks the pair against a secure file to confirm. If either the name or password do not match, then you are not allowed further access.
Checksum: Probably one of the oldest methods of ensuring that data is correct, checksums also provide a form of authentication since an invalid checksum suggests that the data has been compromised in some fashion. A checksum is determined in one of two ways. Let's say the checksum of a packet is 1 byte long, which means it can have a maximum value of 255. If the sum of the other bytes in the packet is 255 or less, then the checksum contains that exact value. However, if the sum of the other bytes is more than 255, then the checksum is the remainder of the total value after it has been divided by 256.
CRC (Cyclic Redundancy Check): CRCs are similar in concept to checksums but they use polynomial division to determine the value of the CRC, which is usually 16 or 32 bits in length. The good thing about CRC is that it is very accurate. If a single bit is incorrect, the CRC value will not match up. Both checksum and CRC are good for preventing random errors in transmission, but provide little protection from an intentional attack on your data. The encryption techniques below are much more secure.
Private key encryption: Private key means that each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to the other computer. Private key requires that you know which computers will talk to each other and install the key on each one. Private key encryption is essentially the same as a secret code that the two computers must each know in order to decode the information. The code would provide the key to decoding the message. Think of it like this. You create a coded message to send to a friend where each letter is substituted by the letter that is second from it. So "A" becomes "C" and "B" becomes "D". You have already told a trusted friend that the code is "Shift by 2". Your friend gets the message and decodes it. Anyone else who sees the message will only see nonsense.
Public key encryption: Public key encryption uses a combination of a private key and a public key. The private key is known only to your computer while the public key is given by your computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key provided by the originating computer and it's own private key.
The key is based on a hash value. This is a value that is computed from a base input number using a hashing algorithm. The important thing about a hash value is that it is nearly impossible to derive the original input number without knowing the data used to create the hash value.
Digital certificates: To implement public key encryption on a large scale, such as a secure Web server might need, requires a different approach. This is where digital certificates come in. A digital certificate is essentially a bit of information that says the Web server is trusted by an independent source known as a Certificate Authority. The Certificate Authority acts as the middleman that both computers trust. It confirms that each computer is in fact who they say they are and then provides the public keys of each computer to the other.
The Digital Signature Standard (DSS) is based on a type of public key encryption method that uses the Digital Signature Algorithm (DSA). DSS is the format for digital signatures that has been endorsed by the US government. The DSA algorithm consists of a private key that only the originator of the document (signer) knows and a public key.
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery and tampering.
Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, and members of the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear whether they are digital cryptographic signatures in the sense used here, leaving the legal definition, and so their importance, somewhat confused.
The Digital Signature algorithm can also be used under the .NET domain for the purpose of Digital Signature basically for the purpose of security.
To Digitally Sign a message , we can use any of the hash algorithm available out there. In the case of RSA , we use Public Key to encrypt and Private key to decrypt the message. Digital signature uses Private key to compute signature and Public key to verify ( you can only verify signature ) This is because RSA algorithm has
got a property which can be mathematically depicted as f(g(M)) == g(f(M)).
Coding for DSA physically needs the support of SHA.
The Secure Hash Algorithm is one of a number of cryptographic hash functions published by the National Institute of Standards and Technology(NIST) as a U.S. Federal Information Processing Standard. There are currently three generations of Secure Hash Algorithm:
SHA-1 is the original 160-bit hash function. Resembling the earlier MD5(Message Digest) algorithm, this was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm. Originally just called "SHA", it was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1. The original withdrawn algorithm is now known by the retronym SHA-0.
SHA-2 is a family of two similar hash functions, with different block sizes, known as SHA-256 and SHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA-512 uses 64-bit words. There are also truncated versions of each standardized, known as SHA-224 and SHA-384. These were also designed by the NSA.
SHA-3 is a future hash function standard still in development. This is being chosen in a public review process from non-government designers. An ongoing NIST hash function competition is scheduled to end with the selection of a winning function, which will be given the name SHA-3, in 2012.
using System.Security.Cryptography; //namespace provides cryptographic services
static void Main(string args)
byte data = Encoding.UTF8.GetBytes("Hello World");
SHA1 hasher = SHA1.Create();
using (var publicprivate =
signature = publicprivate.SignData(data, hasher);
publickey = publicprivate.ExportCspBlob(false);
using (var publiconly =
Console.WriteLine(publiconly.VerifyData(data, hasher, signature));
data = 0;
Console.WriteLine(publiconly.VerifyData(data, hasher, signature));
Just as with any technology, there will be plus and minuses. This is the way it is with anything, whether it is technology related or not. The advantages of using digital signatures are:
Advantages of DS:
Imposter prevention: By using digital signatures you are eliminating the possibility of committing fraud by an imposter signing the document. Since the digital signature cannot be altered, this makes forging the signature impossible.
• Message integrity: By having a digital signature you are in fact proving the document to be valid. You are assuring the recipient that the document is free from forgery or false information.
• Legal requirements: Using a digital signature satisfies some type of legal requirement for the document in question. A digital signature takes care of any formal legal aspect of executing the document.
The disadvantages of using digital signatures involve the primary avenue for any business: money. This is because the business may have to spend more money than usual to work with digital signatures including buying certificates from certification authorities and getting the verification software.