digital signature

Also found in: Dictionary, Thesaurus, Medical, Legal, Financial, Wikipedia.
Related to digital signature: Digital certificate, Digital Signature Algorithm

digital signature

[′dij·əd·əl ′sig·nə·chər]
A set of alphabetic or numeric characters used to authenticate a cryptographic message by ensuring that the sender cannot later disavow the message, the receiver cannot forge the message or signature, and the receiver can prove to others that the contents of the message are genuine and originated with the sender.

digital signature

Extra data appended to a message which identifies and authenticates the sender and message data using public-key encryption.

The sender uses a one-way hash function to generate a hash-code of about 32 bits from the message data. He then encrypts the hash-code with his private key. The receiver recomputes the hash-code from the data and decrypts the received hash with the sender's public key. If the two hash-codes are equal, the receiver can be sure that data has not been corrupted and that it came from the given sender.

digital signature

A digital guarantee that information has not been modified, as if it were protected by a tamper-proof seal that is broken if the content were altered. The two major applications of digital signatures are for setting up a secure connection to a website and verifying the integrity of files transmitted (more below).

An Encrypted Digest
The digital signature is an encrypted digest of the file (message, document, driver, program) being signed. The digest is computed from the contents of the file by a one-way hash function, such as MD5 and SHA-1, and then encrypted with the private part of a public/private key pair (see RSA). To prove that the file was not tampered with, the recipient uses the public key to decrypt the signature back into the original digest, recomputes a new digest from the transmitted file and compares the two to see if they match. If they do, the file has not been altered in transit by an attacker. See MD5.

An Encrypted Digest
A digital signature is an encrypted digest of a file. The digest was created with a one-way hash function from the file's contents.

Signed Certificates
The first major application for digital signatures is digital certificates. "Signed" digital certificates are used to verify the identity of an organization or individual. They are widely used to authenticate a website in order to establish an encrypted connection for credit card and other confidential data (see SSL and digital certificate).

Signed Files
The second major application for digital signatures is "code signing," which verifies the integrity of executable files downloaded from a website. Code signing also uses signed digital certificates to verify the identity of the site (see code signing and digital certificate). Also see digital envelope and electronic signature.

The Illustrations Below

The following two illustrations show how digital signatures are used for data integrity in both non-private and private exchanges. Because of the requirement of disseminating keys, the following methods are used mostly between two parties that communicate with each other on a regular basis and not by the public in general. The references to the man and woman are used to help explain the concept; however, all functions are automatically performed by the software.

Integrity, But No Privacy
The woman makes her message tamper proof by encrypting the digest into a "digital signature," which accompanies the message. At the receiving side, the man uses her public key to verify the signature. However, the message text is sent "in the clear" and could be read by an eavesdropper.

Message Integrity and Privacy
In this example, the woman signs her message and also encrypts the signature and message with the man's public key for privacy (confidentiality). When he receives the encrypted signed message, he decrypts it with his private key to expose the text he can now read along with the signature. He then verifies the signature to ensure the message was not tampered with.
References in periodicals archive ?
The existing implementations of the digital signature systems, most often use the following cryptographic algorithms:
A digital signature relies on the mathematically complex world of asymmetric cryptography.
Now, every company can easily verify the legal and regulatory compliance of AuthentiDate's digital signature solution for electronic invoicing in accordance with German bookkeeping and accounting regulations.
As electronic commerce grows and computer-based business becomes the norm, states that have digital signature laws will be prepared for great changes in contract and commercial law.
which produces equipment and software based on a rival, proprietary digital signature and encryption method known as RSA.
SAN FRANCISCO -- In response to the economic downturn and the changing AEC landscape, many of the design firms on the ENR top 500 design firms list are adopting digital signatures as a means for gaining competitive advantage.
Electronic signatures can include passwords, PIN numbers, a name typed at the bottom of an e-mail, or a digital signature.
Windows 32-bit and 64-bit operating systems are also natively supported, as is a standard digital signature Web Services interface.
Moreover, the federal government has made it mandatory that all agencies make their public documents available electronically and enable the use of digital signatures by October 2003.
As highlighted by CPI's use, CoSign for SharePoint adds sought-after digital signature functionality to various subjects within the SharePoint environment," said Raanan Dahari, EMEA Sales Director, ARX.
Among the various metrics explored in AIIM's digital signature research were the impact of the need for paper-based signatures, the ROI experienced by organizations that have implemented digital signatures, and the benefits those organizations have experienced.
With the help of ARX engineers, customers, and in-depth research on best practice methods, the "12 Business Cases for Digital Signatures" eBook offers readers twelve examples of business uses and benefits experienced by real-world organizations that have implemented ARX's CoSign[R] digital signature solution.

Full browser ?