Digital Signature



Digital media is any media that is encoded in a machine-readable format. Digital media can be created, viewed, distributed, modified and preserved on digital electronics devices. When we exchange digital media there is a requirement, that the recipient can check the digital content was not changed since it was submitted from the author of the message/content.

Combined with the Internet and personal computing, digital media has caused disruption in publishing, journalism, entertainment, education, commerce and politics. Trust in the authenticity is the main driver for the introduction of digital signature.

Digital signature can be understood as a list of symbols that form the signature that is created for digital media.

The following example shows an example of a short e-mail with digital signature (the digital signature in real application are much longer).

The private key of author is used by the author for signing the message i.e. create the digital signature. The public key of the author is available for everyone, especially the recipient of the message. The recipient of message validates the message intregrity of the message with public key.

Assume some changed the message of the e-mail (replace the time 11:30 by 10:00).

Remark: The real digital signature consist of much more characters. The example is just for illustration of the basic princinples of a digital signature.

Definition


A digital signature is a mathematical scheme for demonstrating the authenticity of digital messages or documents. A valid digital signature gives a recipient reason to believe that the message was created by a known sender (authentication), that the sender cannot deny having sent the message (non-repudiation), and that the message was not altered in transit (integrity).

Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution, financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering.

Workflow

 * (Create Key Pair) Generate a public-private key pair (see OpenPGP Solutions for all Operating Systems),
 * (Publish Public Key) Publish the public key on a key-server of your institution or web-service that hosts a database of public keys,
 * (Public Key Server WITH Passport Authentication): the publication of your public key may need an authentication with your passport before the public key can be accessed by the public from keyserver. The user that generated the public key pair and created a publication reguest on keyserver for his/her public key approaches the IT-service unit (e.g. computer science centre) and signs a paper-and-pencil form stating the instititional regulations of private key protection and about the cryptographic use for institutional workflows. This could be last paper-and-pencil action perform by the user. From now on the paper-and-pencil signature can be replaced by a digital signature. It is recommended to combine the institutional step of publishing the public key with security information about the responsibility for using and storing the private key.
 * (Public Key Server WITHOUT Passport Authentication): the publication of your public key will be immediately available after the publications request and can be accessed by the public. This public key can be used from crypotographic message exchange, but not for formalized institutional processes.
 * (Spatial Decision Support System) A Spatial Decision Support System (SDSS) consist of Geographic Information System (GIS) and a decision support system. Decision Support Layers in a GIS may be provided by different entities, agencies, institutes, companies or organisations (e.g. health risk map). The provided  Decision Support Layers can be submitted with a digital signature, that assures that the data in the layer (SDSL) was not changed and is really delivered from the agency (e.g. Public Health Agency). Explain how digital signature could help to improve the trust the information products. What are the challenges that must be faced for implementation a workflow that uses digital signature for decision support layers.

Remark: If the formal process of "passport authentication before publication of public key" is not stated on the public key server, then the application of public keys should be performed under the assumption, that this formal process was not established at the institution. Always inform yourself about internal institutional procedures and the conditions under which the Public-Private Key infrastructure can be used under legal aspects.

Example Public Key Server: see e.g public keyserver of the MIT - Massachusetts Institute of Technology - |Link to MIT).

Subtopics

 * Basic Information about Security
 * Sign Databases, Records or Attributes?
 * Security - Workflow - Questions and Answers
 * Geographic Information System
 * Spatial Decision Support System
 * Spatial Decision Support Layers

Wikipedia: Categories

 * Public-key cryptography,
 * Electronic documents,
 * Key management,
 * Notary,
 * Signature,
 * Records management technology