LOVELY

PROFESSIONAL
UNIVERSITY

Synopsis of Web Administration (CAP- 506)

Cryptography in Digital Signature

SUBMITTED BY: SUBMITTED TO:

Name: Sorabh Bhatia` Ms. Jasleen

Class: BCA-MCA Dept: CA

Reg no.: 3010060052

Roll no.: 08
 Cryptography In Digital Signature

Cryptography, to most people, is concerned with keeping communications private. Indeed, the
protection of sensitive communications has been the emphasis of cryptography throughout much
of its history. As we will see, however, this is only one part of today's cryptography.

Encryption is the transformation of data into some unreadable form. Its purpose is to ensure
privacy by keeping the information hidden from anyone for whom it is not intended, even those
who can see the encrypted data. Decryption is the reverse of encryption ; it is the transformation
of encrypted data back into some intelligible form.

Encryption and decryption require the use of some secret information, usually referred to as a
key. Depending on the encryption mechanism used, the same key might be used for both
encryption and decryption, while for other mechanisms, the keys used for encryption and
decryption might be different

Modern cryptography concerns itself with the following four objectives:

1) Confidentiality (the information cannot be understood by anyone for whom it was

unintended)

2) Integrity (the information cannot be altered in storage or transit between sender and intended
receiver without the alteration being detected)

3) Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her
intentions in the creation or transmission of the information)

4) Authentication (the sender and receiver can confirm each other?s identity and the
origin/destination of the information)

Digital Signature:-

A digital signature (not to be confused with a digital certificate) is an electronic signature that
can be used to authenticate the identity of the sender of a message or the signer of a document,
and possibly to ensure that the original content of the message or document that has been sent is
unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and
can be automatically time-stamped. The ability to ensure that the original signed message arrived
means that the sender cannot easily repudiate it later.
A digital signature can be used with any kind of message, whether it is encrypted or not, simply
so that the receiver can be sure of the sender's identity and that the message arrived intact. A
digital certificate contains the digital signature of the certificate-issuing authority so that anyone
can verify that the certificate is real.

How It Works

Assume you were going to send the draft of a contract to your lawyer in another town. You want
to give your lawyer the assurance that it was unchanged from what you sent and that it is really
from you.

1. You copy-and-paste the contract (it's a short one!) into an e-mail note.

2. Using special software, you obtain a message hash (mathematical summary) of the contract.

3. You then use a private key that you have previously obtained from a public-private key
authority to encrypt the hash.

4. The encrypted hash becomes your digital signature of the message.

Cryptography in Digital Signature:-

One of the primary reasons that intruders can be successful is that most of the information they
acquire from a system is in a form that they can read and comprehend. When you consider the
millions of electronic messages that traverse the Internet each day, it is easy to see how a well-
placed network sniffer might capture a wealth of information that users would not like to have
disclosed to unintended readers. Intruders may reveal the information to others, modify it to
misrepresent an individual or organization, or use it to launch an attack.

One solution to this problem is, through the use of cryptography, to prevent intruders from being
able to use the information that they capture. Decryption refers to the process of taking cipher
text and translating it back into plaintext. Any type of data may be encrypted, including digitized
images and sounds. Cryptography secures information by protecting its confidentiality.
Cryptography can also be used to protect information about the integrity and authenticity of data.
For example, checksums are often used to verify the integrity of a block of information. A
checksum, which is a number calculated from the contents of a file, can be used to determine if
the contents are correct.

An intruder, however, may be able to forge the checksum after modifying the block of
information. Unless the checksum is protected, such modification might not be detected.
Cryptographic checksums (also called message digests) help prevent undetected modification of
information by encrypting the checksum in a way that makes the checksum unique. The
authenticity of data can be protected in a similar way. For example, to transmit information to a
colleague by E-mail, the sender the information to protect its confidentiality and then attaches an
encrypted digital signature to the message. When the colleague receives the message, he or she
checks the origin of the message by using a key to verify the sender's digital signature and
decrypts the information using the corresponding decryption key. To protect against the chance
of intruders modifying or forging the information in transit, digital signatures are formed by
encrypting a combination of a checksum of the information and the author's unique private key.
A side effect of such authentication is the concept of non repudiation. A person who places their
cryptographic digital signature on an electronic document cannot later claim that they did not
sign it, since in theory they are the only one who could have created the correct signature.
Current laws in several countries, including the United States, restrict cryptographic technology
from export or import across national borders. In the era of the Internet, it is particularly
important to be aware of all applicable local and foreign regulations governing the use of
cryptography.