How we can analyze a signature

Digital signature explanation and definition

The digital signature is a cryptographic processthat calculates a certain value for any data. This value is also known as the digital signature. It allows the authorship of a message to be checked by anyone at any time. Digital signatures can form the basis of secure electronic signatures, so the terms “electronic signature” and “digital signature” are not synonyms.

The basic principle of the digital signature

The signature of a message is calculated using the private signature key and the data to be signed. The rule here is that different data must lead to different signatures. In addition, the signature must lead to a different value for each key.

Digital signature processes can be used in deterministic and probabilistic procedures be subdivided. If the digital signature is clearly defined by the key and the message to be encrypted in the deterministic signature method, then random values ​​are included in the calculation of the signature in the probabilistic signature method. This makes it possible for the digital signature of a message to have different values ​​in connection with a certain key.

In order to generate the digital signature from a message, the private key is applied to this message. However, the application does not take place directly on the data to be encrypted, but on its hash value, which is based on a previously specified Hash function is calculated. The hash function used must meet the condition of collision resistance, which means that it should be impossible to find two different messages with an identical hash value. Since there is only one private key for each public key of the signature, which corresponds to this key, the authenticity of the signature and the identity of the creator can be checked using the directory of the relevant certification service provider.

The security of the digital signature

A digital signature is considered secure when it is almost impossible to falsify or falsify it. It should also not be possible to generate another message for which the signature is also valid. The prerequisite for this is that the private key can neither be calculated from the public key nor from the generated signatures. Furthermore, a digital signature is considered secure if it meets the criterion of Non-repudiation Fulfills. This means that after Verification of the signature a public key proves that the digital signature was created with the corresponding private key.

How secure a method for creating a digital signature is essentially depends on various parameters such as the length of the key and the hash function used. The development of the most secure digital signature procedures possible is part of the Cryptanalysis examined, a branch of cryptology.

Method for generating a digital signature

The best known method for creating a digital signature is that RSA method, a cryptographic method developed by mathematicians Ronald Linn Rivest, Adi Shamir and Leonhard Adleman in 1977. The high level of security of the RSA method lies in the difficulty associated with the decomposition of large numbers into their prime factors.

While the RSA method is based on prime factorization, other methods of creating a digital signature use the discrete logarithm. These procedures include the El Gamal and the DSA algorithm. The functionality of other signature methods is based on linear codes (McEliece-Niederreiter signature) or on hash trees (Merkle signature).

The digital signature in practice

Various software products support the creation and use of a digital signature. PGP (Pretty good privacy) is one of the most popular programs for encrypting and signing emails. The software was developed between 1986 and 1991 by Phil Zimmermann. PGP can be understood as a combination of different methods that can be used for asymmetrical and symmetrical encryption of data as well as for generating digital signatures.

PGP systems enable a key pair to be generated by each communication partner at any time. A type of electronic authentication confirms that a key belongs to a specific person. In this way a so-called "Web of Trust“, A network based on transitive relationships - if person A trusts person B and person B trusts person C, then it follows from the principle of transitive trust relationships that person A also trusts person C, although there is no explicit trust relationship.

Different versions of PGP are now available. In addition to the commercial version developed by Phil Zimmermann, there is the free cryptography system GnuPG, also is with Enigmail a plug-in for common e-mail clients such as Mozilla Thunderbird is available.

In addition to PGP, there are various certificate-based systems in which every user has a certificate in digital form, which not only contains information on identity but also the public key. Certificates are certified by an authorized body; Although certificate-based systems can be easily integrated into company hierarchies, the high costs associated with setting up and using such systems are to be regarded as disadvantageous.

Certificate-based systems are also based on the use of a key pair. If data is to be exchanged over the Internet using a secure connection, the server sends the certificate and the public key to the Client, i.e. to the user's web browser. The browser in turn checks whether the certificate sent is trustworthy. If this is the case, the encrypted data can be transmitted. If the authenticity of the sent certificate could not be confirmed, the user has the option of manually checking the certificate and, if necessary, accepting it.

For your quotes: just copy and paste the permalink