Saturday, 28 March 2015

DIGITAL SIGNATURE



                                                               DIGITAL SIGNATURE
Digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document in order to provide more security than their handwritten counterparts.
A digital signature is the electronic equivalent of a handwritten signature, verifying the authenticity of electronic documents offering far more inherent security a digital signature is intended to solve the problem of tampering and impersonation in digital communications.



Digital signature ensure integrity of documents, secure electronic tracking and storage, scale to accommodate high volumes of documents, enhance security and ensure compliance, reduce costs
Digital signatures can provide the added assurances of evidence to origin, identity and status of an electronic document, transaction or message, as well as acknowledging informed consent by the signer.
Digital signatures have the same legal significance as the more traditional forms of signed documents

By adopting digital signature processes, companies are able to reduce waiting time, save money, provide copies to all parties, create archives, increase security through digital encryption, and meet compliance requirements.


Digital signature are done under two methodology
·         Encryption of data
·         Decryption of data
ENCRYPTION OF DATA
Encryption is translation of data into a secret code called a cipher text. Encrypting the sensitive data is the most popular and effective way to have data security.  And to use the encryption in the digital signature you should have digital ID (digital certificate) in such can be used in two process
Encryption of emails or files and place to sign or place digital signature on the document. Digital signature it consist of Public and Private Keys.

Public key is shared by everyone while Private Key is kept private.
Computer encryption uses the science of cryptography. As the human-based code is too easy for a computer to crack, most of the encryption systems belong to the one of two categories.

·                            Symmetric-key encryption
·         Public-key encryption
SYMETRIC-KEY ENCRYPTION
Symmetric-key encryption technique single key is used to encrypt and decrypt the message.
PUBLI-KEY ENCRYPTION
Public-key encryption uses the combination of a private key and a public key. The private key is kept secret and is only known to the person who encrypts the message, while the public key is freely disseminated which helps to verify the message. To decode an encrypted message, receiver uses the public key of the sender and his own private key.
                                         DECRYPTION OF DATA
Decryption is the process of decoding data that has been encrypted into a secret format this requires secret code or password. The encrypted data is change from cypher into readable contents when it decrypted with the secret code known by the end user.
This content will be secured while passing and reach the destination safe without interrupted with the hackers and intrudes in the sense the digital signature is maintained secured.
Protecting digital signatures from compromise requires mechanism to secure the cryptographic keys at the heart of the digital signatures themselves.
Encryption/Decryption is advisable while carrying out any kind of sensitive transaction, such as online purchases or the communication of company sensitive documents between different departments in the organization

Products and services from Thales e-Security can help you create high-assurance digital signing processes that give your organization valuable flexibility in automating, integrating, and hosting critical business processes.
By adopting industry best practices and proven technology you can be confident in your ability to stay ahead of the security curve and in your ability to comply with evolving legal standards and regulatory requirements.
Implement secure digital signing with high-availability solutions appropriate for your most critical processes
Take advantage of high performance capabilities that can support the most demanding online applications and transaction volumes


               GENERATING A DIGITAL SIGNATURE WITH JAVA
Digital signature can be generated with the powerful and highly secure language java with the use of JDK security API this generate keys in such a digital signature using the private key to export public key.
This application gets the data line name from the command line of GenSig sample program
The following steps create the GenSig sample program.
  1. Prepare Initial Program Structure
Create a text file named GenSig.java. Type in the initial program structure (import statements, class name, main method, and so on).
  1. Generate Public and Private Keys
Generate a key pair (public key and private key). The private key is needed for signing the data. The public key will be used by the VerSig program for verifying the signature.
  1. Sign the Data
Get a Signature object and initialize it for signing. Supply it with the data to be signed, and generate the signature.
  1. Save the Signature and the Public Key in Files
Save the signature bytes in one file and the public key bytes in another.
  1. Compile and Run the Program

Posted by at
Labels:

1 comment:

Subscribe to: Post Comments (Atom)