Overview [1]#
Digital Signature is a mathematical scheme for demonstrating the Authenticity of a digital message or data.
Digital Signature Algorithms and therefore Digital Signature are not Encryption even though they are Cryptographic Primitives
Digital Signature is the output (hash) of a Cryptographic Hash Function when applied to a stream of data.
A valid Digital Signature for a message sent from Alice gives a Bob a high Level Of Assurance to trust that:
- Authentication - the message was created by a known Alice AND
- Non-Repudiation - that the Alice cannot deny having sent the message AND
- integrity - that the message was not altered in since the Digital Signature was applied AND
- Authentication - the message was created by a known Alice (Assumes the recipient has a method to know that Alice is the owner of the Public Key)
Digital Signature are commonly used for Public Key Infrastructure, financial transactions, and in other cases where it is important to detect Authenticity or integrity.[1]
Digital Signatures are based on Public Key cryptography, also known as Asymmetric Key Cryptography
Digital Signatures and Paper Signatures#
Digital Signatures schemes, invented by Diffie-Hellman and formalized by Goldwasser, Micali and Rivest, not only provide the electronic equivalent of signing a paper document with a pen but also are an important building block for many cryptographic protocols such as anonymous voting schemes, e-cash, and Anonymous Credential schemes, to name just a few.How Digital Signature works#
Digital Signature requires a Digital Signature Algorithm which includes:Why Hash Function vs Encryption?#
The reason for encrypting the hash instead of the entire message or document is that a Hash Function can convert a Message into a fixed length value, which is usually much shorter and faster and requires less CPU since hashing is much faster than signing.Digital Signature Algorithms#
Signatures with efficient protocols#
Signatures with efficient protocols are a form of Digital Signaturee invented by Jan Camenisch and Anna Lysyanskaya in 2001. In addition to being secure digital signatures, they need to allow for the efficient implementation of two protocolsMore Information#
There might be more information for this subject on one of the following:- Anonymous Credential
- Asymmetric Key
- Asymmetric Key Cryptography
- Authenticode
- Authorization Cross Domain Code 1.0
- Best Practices OpenID Connect
- Block Cipher Mode
- Blockchain
- By-value
- CBOR Object Signing and Encryption
- CL Signature
- CRLSign
- Certificate Algorithm ID
- Certificate Authority
- Certificate Chain
- Certificate Validation
- Certificate-based Authentication
- CertificateVerify
- Ciphers-SUITEB128ONLY
- Client Secret
- ContentCommitment
- Cryptographic Key
- Cryptographic Primitive
- Data Provenance
- Deprecating TLSv1.0 and TLSv1.1
- Diffie-Hellman or RSA
- Digital Key
- Digital Signature Algorithm
- Digital Signature Standard
- DigitalSignature
- Digitally Signed
- DomainKeys Identified Mail
- E-residency
- ES256
- Edwards-curve Digital Signature Algorithm
- Electronic Signatures
- Elliptic Curve
- Encryption
- FIDO
- FIPS 186
- Group Signatures
- Hash Function
- Id_token_signed_response_alg
- Identity Certificate
- Identity Token
- Identity Token Validation
- Identity Toolkit ID Token
- Impersonation-resistant
- JOSE Header
- JSON Web Encryption
- JSON Web Signature
- JSON Web Tokens
- JSON-LD Examples
- Kerberos Error Codes
- Kerberos Service Account
- Key
- Key Life cycle
- Key wrapping
- KeyCertSign
- KeyUsage
- LSA Protection
- Linked Data Signatures
- Login_hint_token
- Message Authentication Code
- MimbleWimble
- NIST.SP.800-107
- NSA Suite B Cryptography
- National Identification Number
- Networking and Cryptography library
- Nevis Security Suite
- Non-Repudiation
- NonRepudiation
- OAuth 2.0 Audience Information
- OAuth Dynamic Client Registration Metadata
- OAuth state parameter
- Off-the-Record Messaging
- OpenID Connect Federation
- PKCS 1
- PKCS7
- Plenum Byzantine Fault Tolerant Protocol
- Private Key
- Privilege Management Infrastructure
- Probabilistic Signature Scheme
- RFC 6376
- RSA Cryptography
- RSA key-exchange
- Rich Credential
- Ring Signature
- SAFE-BioPharma
- SASL
- SHA-1
- SUITEB128
- SUITEB192
- Secure MIME
- Self-signed Certificate
- Signature Generation
- Signature Verification
- Signatures with efficient protocols
- Signing key
- Sovrin
- TBSCertificate
- TLS 1.2
- TLS 1.3
- The Simple Public-Key GSS-API Mechanism
- Tink
- Trust Anchor
- U-Prove
- Verifying Certificate Signatures
- W3C Web Crypto API
- Web Blog_blogentry_140216_1
- Web Blog_blogentry_150617_1
- Web of Trust
- WebAuthn Attestation
- Why Use Tokens
- [#1] - Digital Signature
- based on information obtained 2013-04-10
