[go: up one dir, main page]

0% found this document useful (0 votes)
27 views3 pages

Unit-4 CLE

Uploaded by

crjk10550
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
27 views3 pages

Unit-4 CLE

Uploaded by

crjk10550
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

Cyber Law and Ethics (BCSE-003)

B.Tech CS/IT 4th Year/7th Semester


Unit 4
Er Parag Rastogi
Assistant Professor, Department of Computer Science, SITE

Digital Signature and Electronic Signature and Data Protection

1. Electronic Signature:
Electronic Signature is a digital form of a wet link signature which is legally binding and
secure but it does not incorporate any coding or standards. It can be a symbol, image, process
attached to the message or document to recognize the identity and to give consent on it. When
we need to only verify the document we use electronic signature. The validation of electronic
signature is not performed by any trusted certificate authorities or trust service providers so it
is not usually authorized. Electronic signature is very easy to use than digital signature but it
is less secured and less authentic than digital signature.

2. Digital Signature:
Digital Signature is a secured signature which works with Electronic signature and relies on
Public key infrastructure means it comes with encryption standards. It can be visualized as an
electronic finger print which encrypts and identifies a person’s identity. When we need to
secure a document we use digital signature. The validation of digital signature is performed
by trusted certificate authorities or trust service providers so it is usually authorized. Digital
signature is preferred over electronic signature as it is more secured and more authentic than
the electronic signature.

Concept of Public key and Private key


Private Keys and Public Keys terms are used in cryptography. These keys are used to
encrypt/decrypt sensitive data. Read through this article to find out more about private and
public keys and how they are different from each other.
Private Key
The private key is used in both encryption as well as decryption. This key is shared between the
sender and receiver of the encrypted sensitive information. The private key is also called
"symmetric" because it is shared by both parties. Private Key cryptography is faster than
public-key cryptography mechanism.
A private key is generally a lengthy, non-guessable sequence of bits created randomly or
pseudo-randomly. The complexity and length of a private key define how easy it is for an
attacker to carry out a bruteforce attack, in which they test out several keys until they find the
appropriate one.
Public Key
Asymmetric cryptography, often known as public-key cryptography, is a type of encryption
that employs pairs of keys. A public key (which may be known to others) and a private key
(which may not be known to anyone except the owner) make up each pair. Cryptographic
techniques based on mathematical problems known as one-way functions are used to generate
such key pairs.
A private key should be kept secret for effective security; a public key can be freely circulated
without jeopardizing security.
In such a system, anybody can encrypt a message using the intended receiver's public key, but
only the receiver's private key can decode the message. This allows a server application to
produce a cryptographic key for compatible symmetric-key cryptography, and then encrypt that
freshly generated symmetric key using a client's freely disclosed public key.
A public-key encryption system's most apparent application is for encrypting communication to
guarantee secrecy – a message that a sender encrypts using the recipient's public key and can
only be decoded by the recipient's associated private key.

Creation and Authentication of Digital Signature


Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of a
message, software, or digital document.

1. Key Generation Algorithms: Digital signature is electronic signatures, which assure that
the message was sent by a particular sender. While performing digital transactions
authenticity and integrity should be assured, otherwise, the data can be altered or someone
can also act as if he was the sender and expect a reply.

2. Signing Algorithms: To create a digital signature, signing algorithms like email programs
create a one-way hash of the electronic data which is to be signed. The signing algorithm
then encrypts the hash value using the private key (signature key). This encrypted hash
along with other information like the hashing algorithm is the digital signature. This digital
signature is appended with the data and sent to the verifier. The reason for encrypting the
hash instead of the entire message or document is that a hash function converts any
arbitrary input into a much shorter fixed-length value. This saves time as now instead of
signing a long message a shorter hash value has to be signed and moreover hashing is
much faster than signing.

3. Signature Verification Algorithms: Verifier receives Digital Signature along with the
data. It then uses Verification algorithm to process on the digital signature and the public
key (verification key) and generates some value. It also applies the same hash function on
the received data and generates a hash value. Then the hash value and the output of the
verification algorithm are compared. If they both are equal, then the digital signature is
valid else it is invalid.
Concept of Digital Certificate

Digital certificate is issued by a trusted third party who proves sender’s identity to the receiver
and receiver’s identity to the sender.
A digital certificate is a certificate issued by a Certificate Authority (CA) to verify the
identity of the certificate holder. The CA issues an encrypted digital certificate containing the
applicant’s public key and a variety of other identification information. Digital certificate is
used to attach public key with a particular individual or an entity.

Digital certificate vs. digital signature:

Digital signature is used to verify authenticity, integrity, non-repudiation, i.e. it is assuring


that the message is sent by the known user and not modified, while digital certificate is used
to verify the identity of the user, maybe sender or receiver. Thus, digital signature and
certificate are different kind of things but both are used for security. Most websites use digital
certificate to enhance trust of their users

Feature Digital Signature Digital Certificate


Digital signature is like a fingerprint or
Basics / an attachment to a digital document that Digital certificate is a file that ensures
Definition ensures its authenticity and integrity. holder’s identity and provides security.

It is generated by CA (Certifying
Hashed value of original message is Authority) that involves four steps: Key
Process / encrypted with sender’s secret key to Generation, Registration, Verification, and
Steps generate the digital signature. Creation.

Security Authenticity of Sender, integrity of the It provides security and authenticity of


Services document and non-repudiation. certificate holder.
Standard

Electronic Governance

Electronic Governance or E-Governance is the application of Information and


Communication Technology (ICT) for providing government services, interchange of statics,
communication proceedings, and integration of various independent systems and services.
Through the means of e-governance, government services are made available to citizens in a
suitable, systematic, and transparent mode.

Elements of E-Governance:
Basic elements of e-governance are:
1. Government
2. Citizens
3. Investors/Businesses

You might also like