1. ITT CENTRE NAME: BIKANER BRANCH OF CIRC OF ICAI
BATCH COMMENCEMENT DATE: 2ND DECEMBER 2013
PROJECT TOPIC: EXPAIN DIGITAL SIGNATURE WITH EXAMPLES.
SUBMITTED BY: RAHUL YADAV
CRO0428146
1
3. This Is To Certify That MR. RAHUL YADAV
Has Under Taken A Project On DIGITAL
SIGNATURE WITH EXAMPLES . After Going
Through The Report, We Wish To Record Our
Satisfaction & Commend To MISS SONALI JAIN
For The Effort Put In By Their In This Exercise.
3
4. DIGITAL SIGNATURE WITH EXAMPLES
SUBMITTED BY RAHUL YADAV UNDER THE
GUIDANCE OF MISS SONALI JAIN (I.T.T. FACULTY)
Submitted In Partial Fulfillment For The I.T. Training Conducted By Bikaner Branch Of
I.C.A.I For The Course Of I.P.C.C.
BATCH NO. BIKANER-12/13/81
REG. NO. BKN/13-14/1607
4
5. While coming on acknowledgement, it seems to me closing of
long chapter of reminiscences which bloomed and gloomed at BRANCH CHAIRMEN
CA Rajiv Aeron, BIKANER BRANCH OF CIRC OF ICAI, BIKANER.
This is my proud privilege to express my sincere and deep sense
of gratitude my faculty member Ms. Sonali Jain for inspiration guidance,
persistent involvement, scholarly suggestion and constructive critical supervision
throughout the pursuit of present study.
And finally many thanks to all those friends who kept company
and who directly or indirectly helped me in the completing of this project work.
RAHUL YADAV
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
6. Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
6
7. Introduction
How they work
What is D.S Technology
Application
Why use..Reason
WYSIWUS
Public key Certificate
Digital Certificate
Why Digital Signature
Paper vs Digital Signature
Conclusion
Bibliography
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
….8-11
..13-15
.…16
……17
…18-23
…..24
…..25
.….26
…..27
….28
….29
…..30
7
8. A DIGITAL SIGNATURE is a mathematical scheme for
demonstrating the authenticity of a digital message or
document. A valid digital signature gives a recipient reason to
believe that the message was created by a known sender, such
that the sender cannot deny having sent the
message(authentication and non-repudiation)and that the
message was not altered in transit(integrity). Digital signatures
are commonly used for software distribution, financial
transactions, and
in other cases where it is important to detect
forgery or tampering.
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
8
9. Digital signatures
are often used to implement electronic
signatures, a broader term that refers to any electronic data that
carries the intent of a signature, but not all electronic signatures
use digital signatures. In some countries, including the United
States, India, and members of the European Union, electronic
signatures have legal significance.
For messages sent through a non secure channel, a
properly implemented digital signature gives the receiver reason to
believe the message was sent by the claimed sender. Digital
signatures are more difficult to forge than the handwritten type.
Digital signatures can also provide non-repudiation, meaning that
the signer cannot successfully claim they did not sign a message.
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
9
10. A digital signature scheme typically consists of three algorithms: A key generation algorithm that selects a private key
uniformly at random from a set of possible private keys. The
algorithm outputs the private key and a corresponding public
key.
A signing algorithm that, given a message and a private key,
produces a signature.
A signature verifying algorithm that, given a message, public
key and a signature, either accepts or rejects the message's
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
10
11. In 1976, Whitfield Diffie and Martin Hellman first
described the notion of a digital signature scheme,
although they only conjectured that such schemes
existed.
Soon afterwards, Ronald Rivest, Adi
Shamir, and Len Adleman invented the RSA
algorithm, which could be used to produce primitive
digital signatures. .
The first widely marketed software
Submitted
package to offer digital no. :-By :- Rahul Yadav was Lotus Notes
signature
ITT Reg.
BKN/2013-14/1607
11
12. Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
12
13. BOB
Private key(d)
ORIGINAL PLAIN TEXT
Dear Alice—The Meeting
Will be Held in Embassy
Decryption
function
CIPHERTEXT
Qrne cliae– Gur
zasder bh ke measy
Encryption
function
PLAIN TEXT
Dear Alice– The Meeting
Will be Held in Embassy .
No Secret key is ever
exchanged.
Alice does not need
her own key to use
the system.
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
ALICE
Public key(e,n)
13
14. I Hereby Give You A Raise
I Hereby Give
You A Raise.
192 2343 9102
Private (d)
BOB
Encrypt with the
Private Key Attach to
the end of the original
message.
I Hereby Give You A Raise.
I Hereby Give You A
Raise.
Public (e,n)
Decrypt with the Public Key
Authenticate by Comparing to
Plaintext Message
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
ALICE
14
15. I Hereby Give
You A Raise.
I Hereby Give You A Raise
192 2343 9102
Evil Faked
BOB
Evil
Haye ahge kae gakg.
Public (e,n)
Signature does not
Match Message=>
Message not
Authenticated
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
I Hereby Give You A
Raise.
ALICE
15
16. What is Digital Signature
Technology…??
Generating message’s digest (hash result)
Using Public Key to encrypt hash result
Result of the encryption: digital signature
Sender sends
message,
digital signature and
certificate to receiver
Receiver wants to check
Integrity :-Generating hash result, compare it to the sender’s
hash result and decrypting the message with the sender’s
Submitted By :- Rahul Yadav
16
public key
ITT Reg. no. :- BKN/2013-14/1607
17. Authentication :Although messages may often include information about the entity
sending a message, that information may not be accurate. Digital signatures
can be used to authenticate the source of messages.
The importance of high confidence in sender authenticity is
especially obvious in a financial context.
For example, suppose a bank's branch office sends instructions to
the central office requesting a change in the balance of an account. If the
central office is not convinced that such a message is truly sent from an
authorized source, acting on such a request could be a grave mistake.
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
17
18. How do we do this if
the
Document is Digital
and Not Paper..?
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
18
19. This can be Forged easliy…!
Graphic file
Has this Email Signed..?
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
19
20. A True Signature:
Is Authentic.
Cannot be Forged.
Cannot be Refused.
Proves document has not been Altered.
Cannot be Repudiated.
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
20
21. In many scenarios, the sender and receiver of a message may
have a need for confidence that the message has not been
altered during transmission. Although encryption hides the
contents of a message, it may be possible to change an
encrypted message without understanding it.
However, if a message is digitally signed, any change in
the message after signature invalidates the signature.
Furthermore, there is no efficient way to modify a message and
its signature to produce a new message with a valid signature.
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
21
22. Non-repudiation :-
Non-repudiation, or more specifically nonrepudiation of origin, is an important aspect of
digital signatures. By this property, an entity
that has signed some information Documents
cannot at a later time deny having signed it.
. Checking revocation status requires an
"online" check, e.g. checking Very roughly this
is analogous to a vendor who receives creditcards first checking online with the creditcard issuer to find if a given card has been
reported lost or stolen.
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
22
23. In order to be semantically interpreted, the bit
string must be transformed into a form that is
meaningful for humans and applications, and this
is done through a combination of hardware and
software based processes on a computer system.
WYSIWYS means that the semantic
interpretation of a signed message cannot be
changed. In particular this also means that a
message cannot contain hidden information that
the signer is unaware of, and that can be
Submitted By :- Rahul Yadav
revealed after the signature has been applied. 23
ITT Reg. no. :- BKN/2013-14/1607
24. A public key certificate (also known as a digital certificate) is an electronic
document that uses a digital signature to bind a public key with an identity —
information such as the name of a person or an organization, their address, and
so forth.
In a typical public key infrastructure (PKI) scheme, the signature
will be of a certificate authority (CA). There are Three Companies in INDIA
which certified the Digital Signature:- 1). Infosys 2). Wipro 3). TCS
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
24
25. A Digital Certificate is issued by a Certification
Authority (CA) and signed with the CA's private key.
A Digital Certificate typically contains the:
Owner's public key
Owner's name
Expiration date of the public key
Name of the issuer (the CA that issued the Digital Certificate)
Serial number of the Digital Certificate
Digital signature of the issuer
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
25
27. PARAMETER
DIGITAL
PAPER
Authenticity
May be Forged.
Can not be Forged.
Integrity
Signature independent of the
Document.
Signature depends on the
contents of the documents.
Non- Repudiation
a.
b.
a.
b.
Handwriting expert needed.
Error prone.
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
Any computer user.
Error free.
27
28. Digital signatures are a valuable technology for every major
corporation. Combined with RSAand PKI for certificate lifecycle
management digital signatures can speed up business processes.
It as well supports any other security application based on
digital certificates. For instance, Virtual Private Networks, e-mail
encryption, and secure WWW portals can be realized with the digital
certificates provided by RSA and PKI. The more applications a PKI is
used for, the more economic it gets.
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
28
29. My Creativity
My Efforts
MISS SONALI JAIN
ITT MODULES
Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
My Hard
Work
29
30. Submitted By :- Rahul Yadav
ITT Reg. no. :- BKN/2013-14/1607
30