Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


February 1999

Digital Signature Technology


From the February 1999 Edition
of Windows IT Pro
Tao Zhou
Focus
InstantDoc #4772
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Security Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

Secure Your E-Commerce Documents

Exchanging documents over the Internet is common in e-commerce. Such documents often contain sensitive information—for example, legal contracts, information concerning technological innovation, financial transactions. To prevent hackers from intercepting and reading e-commerce documents traveling through e-space, you must encrypt those documents. If you want your documents to be truly secure, however, you must sign them digitally. A digital signature on an e-commerce document serves as a guarantor of data origin, integrity, and nonrepudiation. When a customer digitally signs an online purchase order, for example, the merchandiser—through the document's digital signature—can identify the customer who originated the order, can verify that no one tampered with the contents of the order in transit, and has proof that a particular customer made a specific order.

Digital signatures have been with us since 1976, when Diffie and Hellman introduced the digital signature as an application of public key cryptography. Only recently, however, have businesses and governments started to use digital signature technology to protect sensitive documents on the World Wide Web. In September 1998, President Bill Clinton and Irish Prime Minister Bertie Ahern digitally signed an intergovernmental e-commerce document that is the world's first such document to use digital signature technology. Microsoft used digital signature technology to develop Authenticode technology, which secures Web-downloadable codes.

As the need for digital signature technology grows, several software companies, including Entrust Technologies and Network Associates, have delivered commercial security software that lets users employ digital signatures to secure e-commerce documents. In this article, I'll explain digital signature technology. I'll also discuss some currently available digital signature software products and offer guidelines to help you plan your company's digital signature solution.

What Is a Digital Signature?
Digital signature technology grew out of public key cryptography. In public key cryptography, you have two keys: a private key and a public key. When you send a document to someone, you use your private key to sign the document. When recipients receive the signed document, they use the sender's public key to authenticate the document.

Figure 1 illustrates the digital signature process. Suppose you want to send a digitally signed document to John. After you create the document, you pass it through a message hash algorithm. The algorithm generates a hash of the document that is a checksum of the contents of the document. You then encrypt the message hash with your private key. The result is a digital signature. You append this digital signature to the document to form a digitally signed document, then send it to John.

When John receives the document, he passes the document contents through the same message hash algorithm that you used, and creates a new hash. At the same time, John uses your public key to decrypt your digital signature, thereby converting the signature to the original hash. John then compares the newly generated hash and the original hash. If the hashes match, John can be sure that the document he received is really from you and that no one altered it during transmission. If the hashes don't match, John knows that tampering or a transmission error changed the document contents.

The most commonly used message hash algorithms are Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA-1). MD5 can produce a 128-bit hash, and SHA-1 can produce a 160-bit hash. The hash algorithm is a one-way function that generates a one-way hash. Therefore, no one can derive original document contents from a message hash. The chance that two documents will have the same hash is almost zero. For example, the possibility that MD5 will output the same hash for two different documents is 1/2128. (2128 translates into about 1,500 documents for every square meter of the earth's surface.)

A digital signature is superior to a traditional handwritten signature. A skilled forger can alter the contents of a document with a handwritten signature or move a signature from one document to another without being detected. With digital signature technology, however, any change in a signed document—such as content modification or signature replacement—causes the digital signature verification process to fail.

   Previous  [1]  2  3  4  Next 


Reader Comments
very useful article

Anonymous User February 10, 2005 (Article Rating: )

You must log on before posting a comment.

If you don't have a username & password, please register now.




Top Viewed ArticlesView all articles
PsExec

This freeware utility lets you execute processes on a remote system and redirect output to the local system. ...

Microsoft Delivers Service Pack 2 Beta 2 for Vista, Server 2008

Microsoft on Tuesday announced the availability of the Beta 2 version of Service Pack 2 (SP2) for Windows Vista and Windows Server 2008. Since both operating systems were developed from the same code base, they have a common servicing structure and thus ...

Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...
Security Whitepapers The Impact of Messaging and Web Threats

Why SaaS is the Right Solution for Log Management

Protecting (You and) Your Data with Exchange Server 2007
Related Events How IE7 & The New Extended Validation SSL Certificates Impact Your Site

Top 10 Email Security Challenges and Solutions

Introduction to Identity Lifecycle Manager "2"

Check out our list of Free Email Newsletters!
Security eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys
Related Security Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Register for Orion NPM v9 - Evaluation
Affordable, easy-to-use network performance management with SolarWinds Orion – Free Trial!

Want a Hardware-Independent Image?
Binary Research, the Ghost people, shows you how to clone with 1!

Maximize speed, performance and reliablity of your PCs and servers—automatically!
Speed Up Your PC! Try Diskeeper 2008 with InvisiTasking Free Now!

Order Your Fundamentals CD Today!
Register today for your in-depth copy of one of three Fundamental CDs on the following topics – Exchange, SQL, and SharePoint.

Implement a Successful Archiving Solution
View this web seminar to learn the best practices for creating an email archive that is secure, compliant, and searchable.
Protect Your Company’s Digital Assets
Do you know the risks of sending important files over email or FTP? Read this white paper to learn what you can do to safeguard your company’s data.

Prepare Yourself for Exchange Catastrophe
Read this white paper to learn how you can keep Exchange server healthy, as well as predict and respond to server failure.

Boost Customer Confidence and Satisfaction
Read this eBook to learn how faxing can ease communication with less computer-savvy customers while reducing your security, compliance and support woes.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing