Buzz
A digital signature serves as a method to verify the authenticity of an electronic document (such as an email, spreadsheet, or text file). Being authentic means confirming both the creator's identity and the fact that the document remains unaltered since its creation.
Digital signatures depend on certain types of encryption to establish authenticity. Encryption involves converting data being sent from one computer to another into a code that only the receiving computer can decipher. Authentication, on the other hand, ensures that the information is coming from a trustworthy source. Both processes work together to verify a digital signature.
There are multiple methods available to verify a person or information on a computer:
Password - The most common authentication method involves using a username and password. You enter your credentials when prompted, and the system checks them against a secure database. If either the username or password doesn't match, access is denied.
Checksum - One of the oldest methods for ensuring data integrity, checksums also act as a form of authentication, as an invalid checksum indicates that the data may have been tampered with. A checksum can be calculated in two ways. Suppose the checksum for a packet is 1 byte long, with a maximum value of 255. If the sum of the packet's other bytes is 255 or less, the checksum will match that value. If the sum exceeds 255, the checksum is the remainder after dividing the total by 256. For example:
- Byte 1 = 212
- Byte 2 = 232
- Byte 3 = 54
- Byte 4 = 135
- Byte 5 = 244
- Byte 6 = 15
- Byte 7 = 179
- Byte 8 = 80
- Total = 1151. Dividing 1151 by 256 results in 4.496 (round down to 4). Multiply 4 by 256, which gives 1024. 1151 minus 1024 gives a checksum of 127
CRC (Cyclic Redundancy Check) - Similar to checksums, CRCs use polynomial division to determine their value, typically 16 or 32 bits long. CRCs offer a higher level of accuracy; even a single incorrect bit will cause the CRC to fail. While both checksums and CRCs are effective for detecting random transmission errors, they offer minimal protection against intentional data tampering. The encryption methods described below offer more robust security.
Private key encryption - In private key encryption, each computer has a secret key (code) that it uses to encrypt a message before sending it across the network to another computer. Private key encryption requires both computers to have the key installed in advance. It’s like using a secret code where the two computers share knowledge of the key to decode the message. Think of it this way: you create a message where each letter is shifted by two places (e.g., 'A' becomes 'C'). You tell your friend that the shift is 2, and they can decode it. Anyone else will just see gibberish.
Public key encryption - Public key encryption utilizes both a private and a public key. The private key is kept secret by your computer, while the public key is shared with anyone who wants to communicate securely with it. To decrypt a message, a computer must use the originating computer’s public key along with its own private key.
The key is derived from a hash value, which is calculated using a hashing algorithm applied to a base input number. The key characteristic of a hash value is that it's practically impossible to reverse-engineer the original input number without having access to the data used to generate the hash. Here's an example to illustrate:
Input number 10667
Hashing Algorithm = Input # x 143
Hash Value = 1525381
As you can see, it's very challenging to figure out that the value 1525381 resulted from multiplying 10667 by 143. However, knowing the multiplier (143) makes it much easier to compute the original value of 10667. Public key encryption works in a more complex way, but this illustrates the basic idea. Public keys use sophisticated algorithms and very large hash values, typically 40-bit or even 128-bit numbers. A 128-bit number can have up to 2^128 possible combinations, which is equivalent to the number of water molecules in 2.7 million Olympic-sized swimming pools. Even the smallest droplet of water contains billions of molecules!
Digital certificates - When implementing public key encryption on a large scale, such as needed for a secure Web server, a unique method is required. This is where digital certificates come into play. A digital certificate is a piece of data that verifies the Web server is trusted by an independent entity known as a Certificate Authority. The Certificate Authority serves as a trusted intermediary between two computers, verifying their identities and exchanging their public keys.
The Digital Signature Standard (DSS) is based on a public key encryption method that employs the Digital Signature Algorithm (DSA). DSS is the official format for digital signatures that the US government has endorsed. The DSA algorithm uses a private key that only the document's originator (signer) knows and a public key. The public key consists of four components, which you can learn more about on this page.
Electronic payments might become the future of currency. Click here to explore how digital signatures could secure the future of electronic payment.
Below are some useful links to explore:
- Bionic Buffalo Tech #5: Encryption
- Digital Signature Initiative
- Links on Law, Cryptography, and Electronic Communications
