Digital signature

[4][5] Electronic signatures have legal significance in some countries, including Brazil, Canada,[6] South Africa,[7] Russia,[8] the United States, Algeria,[9] Turkey,[10] India,[11] Indonesia, Mexico, Saudi Arabia,[12] Uruguay,[13] Switzerland, Chile[14] and the countries of the European Union.

Digital signature schemes, in the sense used here, are cryptographically based, and must be implemented properly to be effective.

Formally, a digital signature scheme is a triple of probabilistic polynomial time algorithms, (G, S, V), satisfying: For correctness, S and V must satisfy A digital signature scheme is secure if for every non-uniform probabilistic polynomial time adversary, A where A^{S(sk, ·)} denotes that A has access to the oracle, S(sk, ·), Q denotes the set of the queries on S made by A, which knows the public key, pk, and the security parameter, n, and x ∉ Q denotes that the adversary may not directly query the string, x, on S.[20][21]

In 1976, Whitfield Diffie and Martin Hellman first described the notion of a digital signature scheme, although they only conjectured that such schemes existed based on functions that are trapdoor one-way permutations.

The first widely marketed software package to offer digital signature was Lotus Notes 1.0, released in 1989, which used the RSA algorithm.

[29] In 1988, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to rigorously define the security requirements of digital signature schemes.

In the random oracle model, hash-then-sign (an idealized version of that practice where hash and padding combined have close to N possible outputs), this form of signature is existentially unforgeable, even against a chosen-plaintext attack.

As organizations move away from paper documents with ink signatures or authenticity stamps, digital signatures can provide added assurances of the evidence to provenance, identity, and status of an electronic document as well as acknowledging informed consent and approval by a signatory.

The United States Government Printing Office (GPO) publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures.

A digital signature scheme on its own does not prevent a valid signed message from being recorded and then maliciously reused in a replay attack.

For example, the branch office may legitimately request that bank transfer be issued once in a signed message.
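The replay problem described above, as an added example that is not part of the original article: a signed transfer request verifies every time it is presented, so the receiver has to track something inside the signed bytes. The toy hash-then-sign RSA key, the `Bank` class, the message layout and the `txid` field are all assumptions made for illustration.

```python
import hashlib

# Constructed toy key: textbook RSA over two Mersenne primes. Trivially
# factorable and unpadded, so it only stands in for a real signature scheme.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                  # public key (pk)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (sk), Python 3.8+

def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """S(sk, x): hash the message, then apply the private exponent."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """V(pk, x, t): accept only if the signature opens to the message hash."""
    return pow(signature, E, N) == digest(message)

class Bank:
    """Hypothetical receiver: signature check plus transaction-ID tracking."""

    def __init__(self):
        self.seen_ids = set()

    def process(self, message: bytes, signature: int) -> str:
        if not verify(message, signature):
            return "rejected: bad signature"
        # The ID lives inside the signed bytes, so it cannot be changed
        # without invalidating the signature.
        fields = dict(f.split("=", 1) for f in message.decode().split(";"))
        txid = fields.get("txid")
        if txid is None:
            return "rejected: no transaction id"
        if txid in self.seen_ids:
            return "rejected: replay"
        self.seen_ids.add(txid)
        return "accepted"

def demo():
    bank = Bank()
    msg = b"txid=0001;from=branch-17;to=acct-42;amount=100"  # constructed sample
    sig = sign(msg)
    first = bank.process(msg, sig)
    replayed = bank.process(msg, sig)   # same bytes, signature is still valid
    # Changing the ID to dodge the replay check breaks the signature instead.
    altered = bank.process(msg.replace(b"0001", b"0002"), sig)
    return verify(msg, sig), first, replayed, altered
```

`demo()` shows that `verify` alone accepts the recorded message again, and that only the receiver's record of seen IDs turns the second presentation into a rejection.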

Similarly, access to the public key only does not enable a fraudulent party to fake a valid signature.

Typically, a user must activate their smart card by entering a personal identification number or PIN code (thus providing two-factor authentication).

If the smart card is stolen, the thief will still need the PIN code to generate a digital signature.

Entering a PIN code to activate the smart card commonly requires a numeric keypad.

Readers with a numeric keypad are meant to circumvent the eavesdropping threat where the computer might be running a keystroke logger, potentially compromising the PIN code.

To protect against this scenario, an authentication system can be set up between the user's application (word processor, email client, etc.)

One of the main differences between a cloud based digital signature service and a locally provided one is risk.

In order to be semantically interpreted, the bit string must be transformed into a form that is meaningful for humans and applications, and this is done through a combination of hardware and software based processes on a computer system.

In particular this also means that a message cannot contain hidden information that the signer is unaware of, and that can be revealed after the signature has been applied.

The term WYSIWYS was coined by Peter Landrock and Torben Pedersen to describe some of the principles in delivering secure and legally binding digital signatures for Pan-European projects.

Legislatures, being importuned by businesses expecting to profit from operating a PKI, or by the technological avant-garde advocating new solutions to old problems, have enacted statutes and/or regulations in many jurisdictions authorizing, endorsing, encouraging, or permitting digital signatures and providing for (or limiting) their legal effect.

Other countries have also passed statutes or issued regulations in this area as well and the UN has had an active model law project for some time.

These enactments (or proposed enactments) vary from place to place, have typically embodied expectations at variance (optimistically or pessimistically) with the state of the underlying cryptographic engineering, and have had the net effect of confusing potential users and specifiers, nearly all of whom are not cryptographically knowledgeable.

[15] Generally, these provisions mean that anything digitally signed legally binds the signer of the document to the terms therein.

Alice signs a message—"Hello Bob!"—by appending a signature which is computed from the message and her private key. Bob receives both the message and signature. He uses Alice's public key to verify the authenticity of the signed message.