3. What is Digital Signature?
A Digital Signature is a tool used to verify that a received document or transaction
has been generated and sent by the sender without the interference of any third-
parties.
It is a guarantor of authenticity, assuring the receiver that the document they have
received has not been tampered with.
4. How is a Digital Signature Performed?
The Digital Signature Standard (DSS) is used for performing digital signatures. The
DSS standard was issued by the National Institute of Standards and Technology
(NIST) as the Federal Information Processing Standard (FIPS) PUB 186 in 1991.
There are two primary techniques used to perform a digital signature:
• DSS uses the SHA-1 algorithm in order to compute the message digest against
the original, utilizing the message digest in the generation of the digital signature.
This is done by using the Digital Signature Algorithm (DSA), which is, in turn,
based on asymmetric key cryptography. This process does not provide encryption
of messages.
• Digital Signature can also be performed using the RSA algorithm. This method is
used when the message needs to be encrypted as well.
5. Reasons to use Digital Signature
• Authenticity: Digital Signatures can assure the receiver that the message really
has been sent by the correct sender. This assurance is extremely important in
financial transactions.
• Integrity: Messages sent by someone can often be tampered with by malicious
third-parties to alter their original meaning. Upon using a digital signature, any
alterations to the message renders the signature invalid. This gives assurance to
the receiver that the message has not been altered.
• Accountability: Once a digital signature has been used to transmit a message or
document, the sender cannot claim that they didn’t send it. As such, digital
signatures guarantee non-repudiation of origin.
6. What is Digital Certificate?
Digital Certificates are essentially digital identification cards. They are issued by
specific government bodies or certificate authorities after carefully verifying the
individual’s identity and making sure that they meet all requirements for the
certificate.
Digital Certificates are essentially used to verify the owner’s identity when it is
presented to others.
When a document is signed with a digital certificate, the relying party can be
guaranteed of their authenticity because the Certificate Authority has done its job in
verifying the individual’s identity.
7. Reasons to use a Digital Certificate
• It holds personal information by which the owner’s identity can be verified.
• The issuing authority can also be contacted.
• Digital certificates are difficult to tamper with or duplicate.
• If the identification is misused, the issuing authority can revoke it.
• Revocation can be easily checked by contacting the issuing authority.
9. Digital Signature Digital Certificate
Verifies the identity of the individual sending a
document.
Helps establish the legitimacy or ownership of an online
platform such as an email or a website.
Can be obtained via an online security agency or issuing
authority by presenting the relevant identification
documents.
Can be obtained by contacting the Certificate
Authority. They conduct a background check before
issuing the certificate.
Ensures that the signer cannot be held accountable for
documents either tampered by third-parties or forged
by them. It also protects the rights of the document’s
receiver by negating non-repudiation.
It protects people holding online transactions from
cyber attacks, eavesdropping, cross-site scripting, etc.
Created with Digital Signature Standard (DSS) using
SHA-1 or SHA-2 algorithms.
Certificates are created in the X.509 format.