A digital guarantee that information has not been modified, as if it were protected by a tamper-proof seal that is broken if the content were altered. The two major applications of digital signatures are for setting up a secure connection to a Web site and verifying the integrity of files transmitted (more below).
An Encrypted Digest
The digital signature is an encrypted digest of the file (message, document, driver, program) being signed. The digest is computed from the contents of the file by a one-way hash function such as MD5 or SHA-1 (see MD5 and SHA-1) and then encrypted with the private part of a public/private key pair (see RSA). To prove that the file was not tampered with, the recipient uses the public key to decrypt the signature back into the original digest, recomputes a new digest from the transmitted file and compares the two to see if they match. If they do, the file has not been altered in transit by an attacker. See MD5.
An Encrypted Digest
A digital signature is an encrypted digest of a file. The digest was created with a one-way hash function from the file's contents.
Signed Certificates
The first major application for digital signatures is digital certificates. "Signed" digital certificates are used to verify the identity of an organization or individual. They are widely used to authenticate a Web site in order to establish an encrypted connection for credit card and other confidential data (see SSL and digital certificate).
Signed Files
The second major application for digital signatures is "code signing," which verifies the integrity of executable files downloaded from a Web site. Code signing also uses signed digital certificates to verify the identity of the site (see code signing and digital certificate). Also see digital envelope and electronic signature.
The Illustrations Below
The following two illustrations show how digital signatures are used for data integrity in both non-private and private exchanges. Because of the requirement of disseminating keys, the following methods are used mostly between two parties that communicate with each other on a regular basis and not by the public in general. The references to the man and woman are used to help explain the concept; however, all functions are automatically performed by the software.
Integrity, But No Privacy
The woman makes her message tamper proof by encrypting the digest into a "digital signature," which accompanies the message. At the receiving side, the man uses her public key to verify the signature. However, the message text is sent "in the clear" and could be read by an eavesdropper.
Message Integrity and Privacy
In this example, the woman signs her message and also encrypts the signature and message with the man's public key for privacy (confidentiality). When he receives the encrypted signed message, he decrypts it with his private key to expose the text he can now read along with the signature. He then verifies the signature to ensure the message was not tampered with.
An Encrypted Digest
The digital signature is an encrypted digest of the file (message, document, driver, program) being signed. The digest is computed from the contents of the file by a one-way hash function such as MD5 or SHA-1 (see MD5 and SHA-1) and then encrypted with the private part of a public/private key pair (see RSA). To prove that the file was not tampered with, the recipient uses the public key to decrypt the signature back into the original digest, recomputes a new digest from the transmitted file and compares the two to see if they match. If they do, the file has not been altered in transit by an attacker. See MD5.
An Encrypted Digest
A digital signature is an encrypted digest of a file. The digest was created with a one-way hash function from the file's contents.
Signed Certificates
The first major application for digital signatures is digital certificates. "Signed" digital certificates are used to verify the identity of an organization or individual. They are widely used to authenticate a Web site in order to establish an encrypted connection for credit card and other confidential data (see SSL and digital certificate).
Signed Files
The second major application for digital signatures is "code signing," which verifies the integrity of executable files downloaded from a Web site. Code signing also uses signed digital certificates to verify the identity of the site (see code signing and digital certificate). Also see digital envelope and electronic signature.
The Illustrations Below
The following two illustrations show how digital signatures are used for data integrity in both non-private and private exchanges. Because of the requirement of disseminating keys, the following methods are used mostly between two parties that communicate with each other on a regular basis and not by the public in general. The references to the man and woman are used to help explain the concept; however, all functions are automatically performed by the software.
Integrity, But No Privacy
The woman makes her message tamper proof by encrypting the digest into a "digital signature," which accompanies the message. At the receiving side, the man uses her public key to verify the signature. However, the message text is sent "in the clear" and could be read by an eavesdropper.
Message Integrity and Privacy
In this example, the woman signs her message and also encrypts the signature and message with the man's public key for privacy (confidentiality). When he receives the encrypted signed message, he decrypts it with his private key to expose the text he can now read along with the signature. He then verifies the signature to ensure the message was not tampered with.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- PDF Sign&Seal 4.3.0 (Windows)
- PDF Sign&Seal brings enhanced digital signature, time-stamping and strong encryption capability to PDF documents. It has been specifically designed for busy managers who need to easily sign or protect a business document, be it a purchase order, an invoice, a report, a proposal, compliance statement or assessment review. It provides...
- Software downloads 2009-11-12
- Recover PDF Password 2.3.0.60 (Windows)
- Recover PDF Password is a PDF password recovery tool by Eltima Software, which recovers passwords of PDF files if they were lost or forgotten. It can recover both owner password, which prevents opening a PDF file and user password, which protects information in PDF from being printed, copied or edited....
- Software downloads 2009-11-12
- Sony Ericsson Equinox TM717 - carbon black (T-Mobile)
- Photo gallery:Sony Ericsson Equinox TM717The Sony Ericsson Equinox is the first phone from the manufacturer to land at T-Mobile since the TM506. In many ways the Equinox is a fitting successor; like the TM506 it has a thin flip phone design and it sports a similar feature set that includes...
- Product reviews 2009-11-03
- Disclaimer, S/MIME for IIS SMTP Service and Exchange Server 1.0 (Windows)
- With this tool, your IIS SMTP Service and Exchange Server will be enabled to add disclaimer and digital signature to outgoing emails from specified senders or domains. Moreover, email encryption (with using the recipient's digital certificate) and S/MIME (Secure / Multipurpose Internet Mail Extensions) will become fully supported in your...
- Software downloads 2009-10-26
- PE Explorer 1.99 R6 (Windows)
- PE Explorer provides a UI for exploring and editing the contents of EXE, DLL, ActiveX controls, and other 32-bit executable file formats. PE Explorer comes with a visual resource editor, PE header viewer, automatic UPX and Upack unpackers, exported and imported API function viewer and syntax lookup, digital signature viewer,...
- Software downloads 2009-10-22
- EvriChart: A Linux Success Story
- Tony Maro, CIO of EvriChart, a hospital records management and archiving business, successfully migrated his company's Windows-based line of business document management extranet application and his employees' 40-odd Windows-based desktops to a 100 percent Linux-based server and desktop infrastructure. Jason Perlow interviews Tony Maro, CIO...
- Blog posts 2009-10-20
- It's time to bring the EULA madness to an end!
- My gripe with EULA is when I'm patching software.Why do I need to read an EULA when I'm patching a piece of software (I'm looking at you iTunes)? Shouldn't the patch be covered under the same EULA agreed to when initially installing the software?As for understanding them I do. They...
- Discussion threads 2009-10-08
- Plugin Pack (Mobile)
- Add-ins MobiAccess Add-ins or Plugins are small extensions that add new functionality to the framework. They allow you to customize MobiAccess to fit your own needs and preferences. You can buy Add-ins in themself or you can buy the Plugin Pack which contains the all add-ins. They are the following:...
- Software downloads 2009-10-05
- SafenSec Personal 3.5 (Windows)
- Tens of thousands of new viruses arrive in security companies' research labs every day. Anti-virus products that protect you the traditional way - with a 'signature' to detect each virus - simply can't keep up. A new approach is needed. That approach is SafenSec. SafenSec Personal uses unique proactive technology,...
- Software downloads 2009-10-01
- PDF Sealer 6.34 (Windows)
- Users can digitally sign the PDF with certificates managed by Windows. The digital signature is compliant with standard PDF signature interchange standard, which can be verified by Acrobat reader or compatible handler directly. Users can apply signing multiple times in workflow for reviewing. Users can also apply or modify the...
- Software downloads 2009-09-24
- Metron 1.1 (Mobile)
- Metron, the brainchild of a classically trained musician, aids in the practice of runs, excerpts and complete compositions. Featuring an intuitive front panel, you can launch and start practicing instantly. An organized back panel provides access to powerful extra features. In addition to the usual single and multiple beat ticks...
- Software downloads 2009-09-22
- Digital Signatures for Human Resource Uses
- It is not unusual for Human Resource HR specialists to find themselves buried under tons of paperwork requiring signatures. These professionals know that today's process for reviewing, approving, and archiving HR documentation consumes a tremendous amount of time and money. As a result, electronic documents are increasingly used in various...
- White papers 2009-09-15
- Perfect Office Icons 2009.7 (Windows)
- Perfect Office Icons collection is a set of royalty-free icons which has been specially designed to breathe a new life into all of your office applications. Whether a text editor, a graphic editor, information manager or visual-presentation creator, you will find it easy and convenient to spice up the GUI...
- Software downloads 2009-09-15
- Twin 1.1.2 (Mac)
- Twin is the most flexible online backup solution for Mac OS X, compatible with most Internet servers: FTP, FTPS, SFTP, WebDAV, Amazon S3, MobileMe. It even supports offline backups to external drives. Twin is a true Mac product that preserves Finder info, resource forks, ACLs, Privileges and comes with an...
- Software downloads 2009-09-11
- Alien Skin Exposure 2.0.1 (Mac)
- Exposure brings the look and feel of film to digital photography. Simulate the warmth and softness of real world film, both color and black and white. Reproduce realistic film grain, and simplify your digital photography workflow. You can now digitally simulate the vivid colors of Velviar, the rich blacks of...
- Software downloads 2009-09-02
- Universal Signing With OmniSign
- This paper describes how to use the CoSign OmniSign application to manage all digital signature related operations in a PDF document, and sign any printable data from any application. The major benefits offered by OmniSign include Sign non-PDF documents by using the document's application File - Print command. While CoSign...
- White papers 2009-08-24
- Aloaha PDF Signator 3.9.117 (Windows)
- The Aloaha PDF Signator can sign any existing PDF Document. Aloaha does not require special prepared PDF documents or signature fields. The digital signature of the PDF file will automatically be checked and indicated by the PDF viewer Acrobat Reader. The customer needs not to install specific software for this...
- Software downloads 2009-08-22
- Apple's future TV: Can Web-based apps replace "channels," kill cable?
- AppleTV only called a hobby after its dismal failureTo be sure, Apple did [b]not[/b] call AppleTV a "hobby" when they released it. It was only after they released the dismal sales figures for this piece of garbage that they "apologized" by calling it a hobby.You know what Apple should do...
- Discussion threads 2009-08-20
- Digital Signatures for Microsoft Office SharePoint Server: A Digital Signature for Microsoft SharePoint
- CoSign for SharePoint is a solution that extends digital signature capabilities to the Microsoft SharePoint environment. CoSign for SharePoint is designed specifically for integration with Microsoft SharePoint, enabling users to seamlessly sign PDF documents, lists and records centrally located on the SharePoint server via the SharePoint interface. This enables signature-based...
- White papers 2009-08-19
- Signing in Microsoft Office 2007 Documents
- CoSign enables one to add digital signatures, as well as graphical signatures, to .docx and .xlsx Office 2007 documents using a special plug-in called ARX Signature Line Provider. The basic signing process consists of placing signature place-holders or signature fields in the desired locations in the document, and signing each...
- White papers 2009-08-19
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
- Learn more about tools to grow your business
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Save time with the UPS Business Essentials Guide
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- Can your business work smarter? Learn more about Lotus Symphony
- Learn how to work smarter and optimize cost using the IBM Smart SOA approach Download the eBook
- Smarter ways to make smarter products Read the brief from IBM
