Public key cryptography
Digital signatures are based on public-key cryptography (or asymmetric cryptography), which uses public/private key pairs for encrypting and decrypting text:
The private key is used to encrypt text and documents. Private keys are kept secret and secure by their owner.
The corresponding public key is used to decrypt the text that is encrypted by the private key. The public key can decrypt only the text that is encrypted with the associated private key. Public keys are distributed, sometimes widely.
For example, Tony Blue uses his private key to encrypt email messages before sending them to recipients. The recipients require the public key to decrypt the messages and read them. Tony must provide the recipients with the public key before they can read his email messages.
Digital certificates
Digital certificates can be used to verify the authenticity of digital signatures. Digital certificates bind a public key with a person's identity:
Certificates can be issued by a certificate authority (CA), a trusted third party. CAs verify the identities of the people to whom they issue certificates. If you trust the CA, you trust the certificates that it issues.
Certificates can also be self-signed. Self-signed certificates are typically generated by the certificate owner. Self-signed certificates are useful when you are certain that you can trust the owner.
CAs publish certificate revocation lists (CRL) that contain the serial numbers of the certificates that are no longer valid. CRLs have expiry dates and are typically updated periodically.
Similar to using CRLs, Online Certificate Status Protocol (OCSP) is used for obtaining the status of X.509 certificates. OCSP enables certificate status to be updated and obtained more quickly than CRL systems.
CAs can delegate the authority to issue certificates to lower-level CAs. The result can be a hierarchy of CAs. A certificate chain indicates the path in the hierarchy from a lower-level CA to the root CA. Certificates that are issued by lower-level CAs include the certificate chain. The authenticity of each CA in the chain can be verified.
Digital credentials
Credentials are used to digitally sign documents. A credential contains a user's private key and other identifying information, such as an alias. A password is required to access the contents of the credential. Different standards define the content and format of a credential. The following standards are two examples:
Personal Information Exchange Syntax Standard (PKCS #12) defines a file format for storing the private key and the corresponding digital certificate.
Cryptographic Token Interface (PKCS #11) defines an interface for retrieving credentials that are stored in hardware.
Digital Signatures
Digital signatures are an encrypted digest of the document that is signed. The digest and the signer's certificate are used to validate the integrity of the document.
When a document is digitally signed, a digest of the document contents is created by using a hashing algorithm. The digest is unique for the document, and the document cannot be reconstructed by using the digest. The digest is encrypted by using the signer's private key to create the signature.
The signature and the certificate that corresponds with the private key that is used to create the signature are typically bundled with the document.
Signatures can include timestamps. Time Stamp Protocol (TSP) is used to establish the time at which a digital signature is created. This information is useful for verifying that a digital signature was created before the associated certificate was revoked. A Time Stamp Authority (TSA) provides services for obtaining and verifying timestamp information.
Validating document integrity
To validate the signature, the public key in the certificate is used to decrypt the digest. The digest is then recalculated and compared with the decrypted digest. If the digests are identical, the document has not been altered.
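The signing and validation steps described above, as an added Go example that is not part of the original page: it uses only Go's standard library (SHA-256 digest, RSA PKCS#1 v1.5 signature, X.509 certificate), and the key size, the self-signed certificate and its subject name are assumptions made for the example. Verify fails when either the document or the signature has been altered.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// NewSelfSignedCert generates an RSA key pair and a self-signed X.509 certificate
// for it (placeholder subject name; a real deployment would have a CA issue it).
func NewSelfSignedCert(name string) (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // assumed key size
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err // DER-encoded certificate, bundled with signed documents
}

// Sign creates a SHA-256 digest of the document and signs it with the private key.
func Sign(document []byte, key *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(document)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// Verify takes the public key from the signer's certificate, recalculates the
// digest of the document and checks it against the signature.
func Verify(document, signature, certDER []byte) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return x509.ErrUnsupportedAlgorithm
	}
	digest := sha256.Sum256(document)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], signature)
}
```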