Role of digital signatures in asymmetric cryptography
Encryption and decryption
Encryption is the process of converting plaintext to encrypted text. Since encrypted text cannot be read by anyone, encrypted text hides the original data from unauthorized users. Decryption is the process of converting encrypted data to plaintext. Basically, it is the reverse of encryption. It is used to decrypt the encrypted data so that only an authorized user can access and read the data.
The process entailing encryption and decryption together is called cryptography.
Learn Applied Cryptography
Private and public keys in cryptography
A key is a bit valued string that is used to convert the plaintext into cipher text and vice-versa. A key can be a word, number or phrase. Cryptography makes use of public and private keys. A public key is issued publicly by the organization and it is used by the end user to encrypt the data.
The encrypted data, once received by the organization, is decrypted by using a private key and the data is converted to plaintext.
Encryption types
Cryptography uses symmetric and asymmetric encryption for encryption and decryption of data. If the sender and the recipient of the data use the same key to encrypt and decrypt the data, it’s called symmetric encryption and if the keys are different for encryption and decryption then it’s asymmetric encryption.
Now the basics are clear, let’s focus on what a digital signature is and how it makes use of asymmetric cryptography for authentication and verification of software, messages, documents and more.
Digital signatures
A digital signature is a mathematical technique for authentication and verification of software, messages, documents and other things. It also provides message authentication, data integrity and non-repudiation — that is, it prevents the sender from claiming that he or she did not actually send the information.
This technique ties a person to digital data, which can be verified by the receiver or by any third party independently. The digital signature is calculated by the data and a secret key known to the signer only.
For creating a digital signature, the user first creates a one-way hash of the message/document to be signed and this representation of the message in the form of a hash is called message digest. Now, the user uses his private key for encrypting the hash. The encrypted hash and other information like hashing algorithm used is the digital signature.
Steps to create digital signatures
These are the steps one should follow to create digital signatures:
- As described above, a message digest needs to be computed first. A message digest is computed by applying a hash function on the message/document to be sent. Popular hashing algorithms used for generating message digest are Secure Hash Algorithm-1 (SHA-1), Secure Hashing Algorithm-2 family (SHA-2, SHA-256) and Message Digest 5 (MD5).
- This message digest is encrypted using the private key of the sender for creating a digital signature.
- This digital signature is then transmitted with the original message to the receiver.
- When the recipient receives the message, they decrypt the digital signature using the public key of the sender.
- After decrypting the digital signature, the receiver now retrieves the message digest.
- Also, the receiver can easily tally the message digest from the received message.
- The message digest tallied by the receiver and the message digest received must be the same for ensuring message authentication, data integrity and non-repudiation.
Digital signature applications
The following are the widely used applications of digital signatures:
- Send/receive encrypted emails which are digitally signed and secured
- Carrying out safe and secure online transactions
- Identifying participants in an online transaction
- Applying for tenders, e-filing of income tax returns, registrar of companies and other suitable applications
- Sign and validate Word, PDF and Excel document formats
The value of encryption
Encryption is a valuable way to keep data safe and secure — and is a fundamental aspect of cybersecurity.
To learn more about encryption and cryptography, check out the free Cyber Work Applied video series — or get started with a cryptography course in Infosec Skills.
Learn Applied Cryptography
Sources:
Digital signatures and certificates, GeeksforGeeks
Cryptography digital signatures, Tutorialspoint
Learn applied cryptography and cryptanalysis
What you'll learn:
- Cryptography fundamentals
- Public key infrastructure
- Blockchain technology
- SSL and TLS
- And more
In this Series
- Role of digital signatures in asymmetric cryptography
- How does hashing work: Examples and video walkthrough
- How does encryption work? Examples and video walkthrough
- Planning for post-quantum cryptography: Impact, challenges and next steps
- Beginner’s guide to the basics of data encryption
- Structures of cryptography
- What is homomorphic encryption?
- Encryption and etcd: The key to securing Kubernetes
- Quantum cyberattacks: Preparing your organization for the unknown
- An Introduction to asymmetric vs symmetric cryptography
- Breaking misused stream ciphers
- Entropy calculations
- Blockchain and asymmetric cryptography
- Security of the PKI ecosystem
- Elliptic curve cryptography
- Methods for attacking full disk encryption
- Introduction to Public Key Infrastructure (PKI)
- Introduction to the TLS/SSL cryptography protocol
- Introduction to Diffie-Hellman Key Exchange
- Introduction to the Rivest-Shamir-Adleman (RSA) encryption algorithm
- Introduction to full disk encryption
- 8 reasons you may not want to use VPNs
- Rivest Cipher 4 (RC4)
- Understanding stream ciphers in cryptography
- Cryptography Errors
- Understanding block ciphers in cryptography
- How to mitigate Credential Management Vulnerabilities
- How To Exploit Credential Management Vulnerabilities
- Poor Credential Management
- How Is Cryptography Used In Applications?
- Decrypting Downloaded Files
- Introduction to hash functions
- Introduction to Asymmetric Cryptography
- The Advanced Encryption Standard (AES)
- Fundamentals of symmetric and asymmetric cryptography
- Case Studies in Poor Password Management
- The ultimate guide to encryption key management
- Principles of cryptography
- Encryption vs Encoding
- Introduction to Cryptanalysis
- Secure Credential Management
- Introduction to Blockchain
- Blockchain Technology
- Virtual Private Networks (VPNs)
- Public Key Infrastructure: Architecture & Security
- Hash Functions
- Asymmetric Cryptography
- Fundamentals of Cryptography
- Symmetric Cryptography
- Introduction to cryptography
- Best tools to perform steganography [updated 2020]
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
