What is a Digital Signature?
A digital signature is a mathematical code that is generated and attached to a transmitted file or document. The recipient can use it to verify that the message or document received has not been altered and that it was sent by the expected party.
Therefore, the digital signature provides confirmation that a document or message has not been altered or tampered with and has not been sent from a third party.
How a Digital Signature Works
A digital signature works by using the private key of the sender to encrypt the data, which can then only be decrypted using the public key of that user.
How a Digital Signature is Created
Digital Signatures can be created using suitable software, including software that is free for download on the Internet. Docusign, SignServer and Dochub are examples of such software. It is also possible to include digital signatures for emails within most email management software, such as Microsoft Outlook.
The software produces a hash of the data and then uses the sender's private key to encrypt that hash value, which forms the basis of the digital signature.
If the data is altered, the hash value will no longer match the data. The recipient's software confirms that the data has not been altered by calculating a verification hash value of the received data and comparing it with the hash held within the digital signature.
When the hash value within the signature does not match the calculated value of the received message then the message has either been altered since being sent or the digital signature was created with a different private key to that of the sender, suggesting that it may have been sent by another party.
This process also provides some proof that the received message had been sent by the sender, making it difficult for them to deny that they had sent it due to the digital signature being able to bind a sender with the document through the private key and verifiable hash.
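The hash, sign and verify steps described above, as an added example that is not part of the original article. It uses textbook RSA with SHA-256 so the arithmetic stays visible; signing software uses a padded scheme such as RSA-PSS. The key values, message and function names are constructed for illustration.

```python
import hashlib

# Constructed demo keys built from well-known Mersenne primes. They are
# public knowledge and give no security; real keys use random secret primes.
E = 65537

def make_keypair(p, q):
    """Return (public, private) textbook-RSA keys as (exponent, modulus)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (E, n), (d, n)

def digest_int(data: bytes) -> int:
    """SHA-256 hash of the data as an integer (smaller than the modulus)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, private_key) -> int:
    """Hash the data, then transform the hash with the sender's private key."""
    d, n = private_key
    return pow(digest_int(data), d, n)

def verify(data: bytes, signature: int, public_key) -> bool:
    """Recover the signed hash with the public key and compare it with a
    hash freshly calculated over the received data."""
    e, n = public_key
    return pow(signature, e, n) == digest_int(data)

SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

def demo():
    message = b"Pay 100 GBP to account 12345678"   # constructed sample
    altered = b"Pay 900 GBP to account 12345678"   # changed after signing
    signature = sign(message, SENDER_PRIV)
    return {
        # Received exactly as sent: the two hashes match.
        "unaltered": verify(message, signature, SENDER_PUB),
        # Data changed in transit: the recalculated hash differs.
        "altered": verify(altered, signature, SENDER_PUB),
        # Signed with a different private key: the recovered value is not the hash.
        "other_key": verify(message, sign(message, OTHER_PRIV), SENDER_PUB),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'INVALID'}")
```

Only the first case verifies, which matches the two failure causes the text gives: altered data, or a signature made with a different private key.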
Classes of Digital Signature Certificates
The three main classes of digital signature certificates are Class 1, 2 and 3, each of which is used for a different purpose.
Class 1 Certificate:
A Class 1 certificate is issued to individuals and provides validation based only upon email address and user name. These certificates are not used for legal messaging due to the relatively low level of security that they provide.
Class 2 Certificate:
A Class 2 certificate can be used for private individuals as well as businesses and verifies the identity of the originator against the data held within the pre-verified database.
Class 3 Certificate:
A Class 3 certificate can be issued to individuals and businesses and is primarily intended for use in ecommerce situations. These certificates require the individual or company to appear before the certifying authority before signing.
Digital Signature Security Benefits
Digital Signatures provide various security benefits including ensuring that the document has not been altered and that it had been sent from the expected party as well as the following techniques:
Passwords and Passcodes are used to verify the sender’s identity.
Certificate Authority Validation helps avoid the use of fake digital certificates.
The Trust Service Provider is the entity that verifies the Digital Signature on the company’s behalf.
Time Stamps provide the date/time of the Signature.
CRC Check (Cyclic Redundancy Check) is a common technique for detecting data transmission errors and is used to verify that no changes to the raw data have occurred.
Hash value is a mathematical calculation of the data; the original hash is compared to the calculated hash value of the received data.
Asymmetric Key Encryption uses one key to encrypt the data and another to decrypt it. This encryption method means that the data can be encrypted using a Public Key but can only be decrypted if the user has the private key and the public key.
About Athena Forensics
For information on our digital forensic services, or if you require any advice or assistance, please contact a member of our team on 0330 123 4448 or via email on enquiries@athenaforensics.co.uk. Further details are available on our contact us page.
Our clients' confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any computer forensic investigation.
Our digital forensics experts are fully aware of the significance and importance of the information that they encounter and we have been accredited to ISO 9001 for 10 years.
Our forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected and approved by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.