Digital Signatures. Written Signatures / Paper Documents Provide “proof” of identification ...
-
Upload
joseph-evans -
Category
Documents
-
view
216 -
download
1
Transcript of Digital Signatures. Written Signatures / Paper Documents Provide “proof” of identification ...
Digital Signatures
Written Signatures /Paper Documents
Provide “proof” of identification Legal basis – contracts, etc. Ceremonial – signing person knows when
s/he enters a contract
But . . .
Forgery Falsified ID Altered documents Insecure – couriers, agencies, secretaries
Therefore:
Digital Signatures!!!– Short history– Technology– How to . . .
Short history of digital signatures
DSS - Federal Information Processing Standards Publications (FIPS PUBS) – publication 186: May 19, 1994
The standard (DSS) specifies a DSA appropriate for applications requiring a digital rather than a written signature
Specifications also in this document
Technology
Dig. sig. computed such that identity of signatory and integrity of data can be verified
Public/private keys – encode with private, verify with public
This ensures a nonrepudiation policy, as well – once message has been verified, signatory cannot repudiate involvement with message/contract
Tech. (cont.)
Encryption can also be accomplished using many modern software packages (PGP, for example) – sign and encrypt with private keys
De-encryption and verification by public keys
How to . . . To use such technology, get digital
signing/encryption software PGP (Pretty Good Privacy) (www.pgpi.org)
– Fairly well known– Offers many features– E-mail encryption– Instant Message encryption (using MSN Messenger)– PGPNet – all network communications can be
encrypted Search engine – “Digital Signature” or
“Encryption”
Sources: http://www.itl.nist.gov/fipspubs/fip186.htm
(Federal Information Processing Standards Publications)
http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html (American Bar Association - Digital Signature Guidelines Tutorial)
http://www.pgpi.org/ (International PGP Home Page)
http://web.mit.edu/network/pgp.html (MIT distribution site for PGP)