Digital Signatures

Written Signatures /Paper Documents

Provide “proof” of identification Legal basis – contracts, etc. Ceremonial – signing person knows when

s/he enters a contract

But . . .

Forgery Falsified ID Altered documents Insecure – couriers, agencies, secretaries

Therefore:

Digital Signatures!!!– Short history– Technology– How to . . .

Short history of digital signatures

DSS - Federal Information Processing Standards Publications (FIPS PUBS) – publication 186: May 19, 1994

The standard (DSS) specifies a DSA appropriate for applications requiring a digital rather than a written signature

Specifications also in this document

Technology

Dig. sig. computed such that identity of signatory and integrity of data can be verified

Public/private keys – encode with private, verify with public

This ensures a nonrepudiation policy, as well – once message has been verified, signatory cannot repudiate involvement with message/contract

Tech. (cont.)

Encryption can also be accomplished using many modern software packages (PGP, for example) – sign and encrypt with private keys

De-encryption and verification by public keys

How to . . . To use such technology, get digital

signing/encryption software PGP (Pretty Good Privacy) (www.pgpi.org)

– Fairly well known– Offers many features– E-mail encryption– Instant Message encryption (using MSN Messenger)– PGPNet – all network communications can be

encrypted Search engine – “Digital Signature” or

“Encryption”

Sources: http://www.itl.nist.gov/fipspubs/fip186.htm

(Federal Information Processing Standards Publications)

http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html (American Bar Association - Digital Signature Guidelines Tutorial)

http://www.pgpi.org/ (International PGP Home Page)

http://web.mit.edu/network/pgp.html (MIT distribution site for PGP)