Digital Signature

Amrit Poudel

Software Engineer

What is Digital Signature?

A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.The digital signature is equivalent to a handwritten signature or stamped seal, but offering far more inherent security.A digital signature is intended to solve the problem of tampering(change) and impersonation in digital communications. Digital signatures can provide the added assurances of evidence to origin, identity and status of an electronic document, transaction or message, as well as acknowledging informed consent by the signer.

 

Odoo CMS - a big picture


 

How digital signatures work?

Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm such as RSA, one can generate two keys that are mathematically linked: one private and one public. To create a digital signature, signing software (such as an email program) creates a one-way hash of the electronic data to be signed. The private key is then used to encrypt the hash. The encrypted hash -- along with other information, such as the hashing algorithm -- is the digital signature. The reason for encrypting the hash instead of the entire message or document is that a hash function can convert an arbitrary input into a fixed length value, which is usually much shorter. This saves time since hashing is much faster than signing.

A digital signature can be used with any kind of message -- whether it is encrypted or not -- simply so the receiver can be sure of the sender's identity and that the message arrived intact. Digital signatures make it difficult for the signer to deny having signed something (non-repudiation) -- assuming their private key has not been compromised -- as the digital signature is unique to both the document and the signer, and it binds them together. A digital certificate, an electronic document that contains the digital signature of the certificate-issuing authority, binds together a public key with an identity and can be used to verify a public key belongs to a particular person or entity

 Why Digital Signature?

  • Cost :

Using postal or courier services for a paper document is much more expensive compared to using digital signatures on electronic documents.


  • Security :

The use of digital signatures and electronic documents reduces the risk of documents being intercepted, read, destroy or altered.


  • Authenticity :

An electronic document signed with a digital signature can stand up in cost as well as other signed paper document.


  • Non-repudiation :

Signing on electronic document digitally identifies you as the signatory and that can’t be later denied.


  • Imposter prevention :

By time stamping your digital signatures, you will be clearly know when the document was signed.





 

Why not to use Digital Signature?


  • Certificates :

Inorder to effectively use digital signatures, both senders and receipts may have to buy digital certificates at a cost from trusted certification authorities.


  • Software :

To work with digital certificates, senders and recipients have to buy verification software at a cost.


  • Expiry :

Digital signatures like all technological products, are highly dependent on the technology it is based era of fast technological advancements,many of these tech product have a short shelf life.