Expt 2 – Cyber Laws

Digital signature

What is a digital signature?

A digital signature is a mathematical method for confirming the veracity and consistency of a
digital message, document, or piece of software. It gives much more intrinsic security than a
handwritten signature or stamped seal, yet it is the digital version of them. The issue of tampering
and impersonation in digital communications is addressed by a digital signature.

The origin, identity, and status of electronic documents, transactions, or digital messages can
be verified using digital signatures. They can also be used by signers to confirm informed consent.
Digital signatures are regarded as being equally as legally binding as traditional handwritten
document signatures in many nations, including the United States.

Why are digital signatures required?

As more business is done online, agreements and transactions that were once signed on paper
and delivered physically are gradually being replaced by totally digital papers and workflows. Every
time priceless or sensitive material is shared, there are frequently bad actors present who wish to
steal it or use it for their own gain. Businesses must be able to verify and authenticate that these
crucial business documents, data, and communications are trusted and delivered securely in order to
reduce the risk of document manipulation by malicious parties.

Digital signatures safeguard private information while without obstructing the efficiency of
online document workflows; in contrast to paper procedures, they frequently enhance document
management. The use of digital signatures makes document signing straightforward and accessible
from any computer or mobile device. Additionally, because the digital signature is included into the
file, it may be used on any device and anyplace the information is transferred. Digitally signed
documents are also simple to regulate and keep track of because they provide the status of all
documents, allow you to know whether they have been signed, and provide you an audit trail.

How do digital signatures work?

Public key cryptography, commonly referred to as asymmetric cryptography, is the foundation

Public key cryptography's two mutually authenticating cryptographic keys are how digital
signatures function. The person who generates the digital signature uses a private key to encrypt the
data associated with the signature for encryption and decryption. With the signer's public key, that
data can only be decrypted.

The signature or the document may be flawed if the recipient is unable to open the file using
the signer's public key. This is how the authenticity of digital signatures works.

(The mathematical algorithm generates a public key and a private key that is linked to each other. When a signer
electronically signs a document, the mathematical algorithm generates data pertaining to the signed document by the
signer, and the data is then encrypted. This data is also called a cryptographic hash. A hash function is a fixed-length
string of numbers and letters generated from a mathematical algorithm. This generated string is unique to the file being
hashed and is a one-way function, a computed hash cannot be reversed to find other files that may generate the same
hash value. The signer has sole access to the private key and this private key is used to encrypt the document data. The
encrypted information or encrypted hash is then transmitted and can be decrypted only by the signer’s public key. The
receiver who receives the document also receives a copy of the signer’s public key which is used to decrypt the
signature. A cryptographic hash is again generated on the receiver’s side. Both cryptographic hashes are checked to
validate their authenticity. The document is considered genuine if they match.

Certificate Authority who are Trust Service Providers(TSP) provides digital certificates to ensure that the keys
generated and documents signed are created in a secure environment.
 Digital certificates help to validate the holder of a certificate. Digital certificates contain the public key of the
sender and are digitally signed by a Certificate authority.

Public key infrastructure (PKI) includes regulations, protocols, rules, people, and systems that aid the
distribution of public keys and the identity validation of users with digital certificates and a certificate authority.)

What are the benefits of digital signatures?

Digital signatures offer the following benefits:

1. Security. Digital signatures include security features to guarantee that a legal document hasn't
been altered and that signatures are genuine. Asymmetric cryptography, PINs, checksums, and
cyclic redundancy checks (CRCs), as well as CA and trust service provider (TSP) validation, are
security features.
2. Timestamping. This gives the time and date of a digital signature and is helpful in situations
where timeliness is important, such stock exchanges, the sale of lottery tickets, and judicial
processes.
3. Globally accepted and legally compliant. The vendor-generated keys are created and stored
securely according to the public key infrastructure (PKI) standard. As digital signatures become
the norm globally, more nations are recognising their legal significance.
4. Cost reductions. By becoming paperless, businesses can save money on the materials, labour,
employees, and office space traditionally required to store, handle, and transfer papers.
5. Favourable environmental outcomes. Reducing paper use also lessens the physical waste
paper produces and the harmful effects that moving paper documents has on the
environment.
6. Traceability. With the use of digital signatures, firms can maintain internal records more easily.
There are less opportunities for a manual signer or record keeper to make a mistake or lose
something when everything is recorded and stored digitally.

Classes and types of digital signatures

There are three different classes of digital signature certificates (DSCs) as follows:

 Class 1. Since they are solely validated based on an email ID and username, this sort of DSC
cannot be used for official business documents. Class 1 signatures offer a fundamental level of
security and are applied in settings where there is little chance of data compromise.
 Class 2. The electronic filing (e-filing) of tax papers, such as income tax returns and goods and
services tax filings, frequently uses these DSCs. Class 2 digital signatures check the identity of
the signer against a database that has already been confirmed. In settings with moderate risks
and effects of data compromise, class 2 digital signatures are utilised.
 Class 3. Class 3 signatures—the highest level of digital signatures—require signers to physically
appear before a CA to establish their identity. E-auctions, e-tendering, e-ticketing, court filings,
 and other settings where there are significant risks to data or repercussions from a security
breach utilise class 3 digital signatures.

Digital signature security

Security is the main benefit of using digital signatures. Security features and methods used in digital
signatures include the following:

1. PINs, passwords and codes. These are used to authenticate and verify a signer's identity and
approve their signature. Email, username and password are the most common methods used.
2. Asymmetric cryptography. This employs a public key algorithm that includes private and public
key encryption and authentication.
3. Checksum. This long string of letters and numbers is used to determine the authenticity of
transmitted data. A checksum is the result of running a cryptographic hash function on a piece
of data. The value of the original checksum file is compared against the checksum value of the
calculated file to detect errors or changes. A checksum acts like a data fingerprint.
4. CRC. A type of checksum, this error-detecting code and verification feature is used in digital
networks and storage devices to detect changes to raw data.
5. CA validation. CAs issue digital signatures and act as trusted third parties by accepting,
authenticating, issuing and maintaining digital certificates. The use of CAs helps avoid the
creation of fake digital certificates.
6. TSP validation. This person or legal entity validates a digital signature on a company's behalf
and offers signature validation reports.

Digital signature attacks

Possible attacks on digital signatures include the following:

 Chosen-message attack. The attacker either obtains the victim's public key or tricks the victim
into digitally signing a document they don't intend to sign.
 Known-message attack. The attacker obtains messages the victim sent and a key that enables
the attacker to forge the victim's signature on documents.
 Key-only attack. The attacker only has access to the victim's public key and can re-create the
victim's signature to digitally sign documents or messages that the victim doesn't intend to
sign.

Digital signature tools

 Adobe Acrobat Sign

Implementation: Digital signature using RSA algorithm

import [Link];
public class RSAExample {

public static void main(String[] args) {

BigInteger p = new BigInteger("61");

BigInteger n = [Link](q);//p*q

BigInteger phi = [Link]([Link]).multiply([Link]([Link]));//(p-1)(q-1)

BigInteger e = new BigInteger("17"); //relatively prime to phi

BigInteger d = [Link](phi);
//public key:(e, n)
//private key:(d, n)

BigInteger message = new BigInteger("2023");

[Link]("Original Message: " + message);

if ([Link](message)) {
[Link]("Signature is valid.");
} else {
[Link]("Signature is not valid.");
}
}
}
Applications of Digital signature
  To send and receive secure, digitally signed, and encrypted emails
 To engage in safe online transactions
 To recognise those involved in an online transaction
 e-filing income tax returns, tender applications, registrar of companies (MCA) filings, and other
pertinent applications
 Word, Excel, and PDF document types to sign and validate

References –

[Link]

[Link]

[Link]