Friends, by the way, you use Signatures in place in your life. Signature means signature This is a sign of our consent. If somewhere we are writing our signature, then it means that we are expressing our consent with that thing. For example, in a bank's check book, or in any government document where we have consent, we write our signature.
But have you ever thought that these Signatures can also be fake. There are many people who can imitate any Signature exactly. Now there is something to be afraid of because if someone will loot our hard earned money from such fake signatures, then it is really a matter of fear.
But now you do not panic because now we have started using Digital Signature instead of Physical Signature. Due to which the work of such ransom is impossible. So today in this article we will know what is this Digital Signature and how to make Digital Signature. So what's the delay, let's start.
What is Digital Signature
Digital Signature is such a technique by which we can know the truth of any document. By this we can find out how Authentic or Genuine that document is.Digital Signature has been made in such a way that if any tampering has been done then it can be easily recognized. From this, accurate information about the origin, identity and status of that electronic document is obtained.
A valid digital signature gives us the assurance that the sent documents have been sent by a known sender, it confirms that. And even that sender cannot turn his back on this.
Digital Signature is a standard element for many Cryptographic Protocol Suites and they are used in many places like Software Distribution, Financial Transaction and Contract Management Software so that forgery can
How to Create a Digital Signature and How it Works
Digital Signature is based on Public Key Cryptography which is also called Asymmetric Cryptography. It generates two keys by using Public Key Algorithm like RSA which are Private and Public. And both these keys are linked mathematically.To create a digital signature, with the help of Signing Software, a one-way hash of the electronic data that is to be signed is made. Then the hash is encrypted with the help of private key. This encrypted hash and other information associated with it like Hashing Algorithm is called Digital Signature.
Here we encrypt the empty Hash instead of the entire message, because with the help of the Hash Function, we can convert any arbitrary input into a fixed length value, which is usually smaller than usual. This saves time because Hashing is much faster than Signing.
The value of Hash is unique if we look at its Hashed Data. If there is any change in that data, even if one character is manipulated then some other value will show in the result.
This attribute enables others to validate the integrity of the data by using the signer's public key to decrypt the hash. If the decrypted hash matches with the other computed hash, then it proves that there has been no change in the data. And if the data of both the Hash does not match, then it is possible that some change has definitely taken place in the data, it cannot be trusted any more.
Now I want to explain to you guys by giving a simple example. Suppose there is a man "A" who wants to send some important document through email to another person who is "B".
The hash function (a small program) is applied in the document which needs to be digitally signed and from which a "numbered sequence" is generated which is called Hash.
After that the same hash is encrypted with “Sender Private Key”. After doing this, now that document becomes digitally signed. And it is sent to another man. Now the second person "B" gets the Signed Document, now he will have to do some important things to check the authenticity of that document.
First of all, he had to use "Hash function" on that document, from which he would get Hash (which we also call H1) in the result. Second step he has to decrypt that Signed Document by using “Sender Public Key” and from which he will get Hash (which we also call H2) in the result.
Now both H1 and H2 have to be compared, and if both H1 and H2 come out, then we can say that the Signed Document is completely original and there is no manipulation in it.
Section 3 shows Digital Signature as legal under the Information Technology Act, 2000 (which was updated in 2008). In Section 35, it is very well explained that which Certifying Authority will issue “Digital Signature Certificate” if an applicant has generated Digital Signature.
Here we encrypt the empty Hash instead of the entire message, because with the help of the Hash Function, we can convert any arbitrary input into a fixed length value, which is usually smaller than usual. This saves time because Hashing is much faster than Signing.
The value of Hash is unique if we look at its Hashed Data. If there is any change in that data, even if one character is manipulated then some other value will show in the result.
This attribute enables others to validate the integrity of the data by using the signer's public key to decrypt the hash. If the decrypted hash matches with the other computed hash, then it proves that there has been no change in the data. And if the data of both the Hash does not match, then it is possible that some change has definitely taken place in the data, it cannot be trusted any more.
Now I want to explain to you guys by giving a simple example. Suppose there is a man "A" who wants to send some important document through email to another person who is "B".
The hash function (a small program) is applied in the document which needs to be digitally signed and from which a "numbered sequence" is generated which is called Hash.
After that the same hash is encrypted with “Sender Private Key”. After doing this, now that document becomes digitally signed. And it is sent to another man. Now the second person "B" gets the Signed Document, now he will have to do some important things to check the authenticity of that document.
First of all, he had to use "Hash function" on that document, from which he would get Hash (which we also call H1) in the result. Second step he has to decrypt that Signed Document by using “Sender Public Key” and from which he will get Hash (which we also call H2) in the result.
Now both H1 and H2 have to be compared, and if both H1 and H2 come out, then we can say that the Signed Document is completely original and there is no manipulation in it.
Digital signature under the Indian Law. (Legal Aspect)
Now this question must be coming in your mind that whether this Digital Signature is certified by our Indian Law or not. So do not panic, I am going to give you complete information about this.Section 3 shows Digital Signature as legal under the Information Technology Act, 2000 (which was updated in 2008). In Section 35, it is very well explained that which Certifying Authority will issue “Digital Signature Certificate” if an applicant has generated Digital Signature.
What is the difference between Digital Certificate and Digital Signature?
Let me tell you that there is a lot of difference between both digital certificate and digital signature. Digital Certificate is used to verify the trustworthiness of a website where as Digital Signature is used to verify the key of a document.Is it safe to use Digital Certificate?
So in this context we can say that as long as your private key is safe with you, it is completely safe to use Digital Certificate. For your information, let me tell you that Private Keys are generated and stored in FIPS compliant Cryptographic Token, so it is impossible to temper it.We can say that Private Keys are made in that Cryptographic Token only, it stays there and it dies within it and it never comes out. Private Keys are required during Digital Signing to use it in a software and a PIN is also required to do so. So you have to keep this cryptographic token as well as that PIN secure.
For this reason, it is very safe because in order to access someone's digital signature, you will have to know their cryptographic token as well as their PIN.
Integrity: If there is any difference in a single bit, after digital signing, then this completely proves that this document is not trustworthy any more.
Non-repudiation: If a user has done his digital signing in a document, then later he cannot deny this. This is because the signing cannot be faked by using the public keys of any user.
This is because in Digital Signature an electronic identity is cryptographically binded to an electronic document. And which cannot be copied so easily.
Because with their help it is very easy to validate the digital signed incoming message. For this reason, Digital Signature is being used very much because they provide evidence of authenticity, data integrity and non-repudiation of digital documents if we talk about any transaction in the Internet.
For this reason, it is very safe because in order to access someone's digital signature, you will have to know their cryptographic token as well as their PIN.
Advantages of Digital Signature
The main task of Digital Signature is to prevent any kind of tampering and imparsonation (act of disguising) with any digital documents. With the help of this, we get to know about the real truth of any digital document whether it is real or fake.These are the main advantages of Digital Signature:
Authentication: As we know that Digital Signature is linked with Private Keys of any user and only he can use it, due to this it is known here who is the real owner of this document.Integrity: If there is any difference in a single bit, after digital signing, then this completely proves that this document is not trustworthy any more.
Non-repudiation: If a user has done his digital signing in a document, then later he cannot deny this. This is because the signing cannot be faked by using the public keys of any user.
Digital Signatures vs Paper Signature
If we talk about which signature is more secure, then it can be said that Digital Signature is more secure than Paper Signature. This is because ink signature or paper signature can be copied very easily. But it may not be so easy if we talk about Digital Signature.This is because in Digital Signature an electronic identity is cryptographically binded to an electronic document. And which cannot be copied so easily.
About Digital Signatures
If I say something about today's door, then I can say that nowadays many such modern email programs have come in the market which support Digital Signature and Digital Certificate, and have made it very easy to go to email. .Because with their help it is very easy to validate the digital signed incoming message. For this reason, Digital Signature is being used very much because they provide evidence of authenticity, data integrity and non-repudiation of digital documents if we talk about any transaction in the Internet.