Switch headers Switch to TIGweb.org

Are you an TIG Member?
Click here to switch to TIGweb.org

HomeHomeExpress YourselfPanoramaDigital Signature
a TakingITGlobal online publication

(Advanced Search)

Panorama Home
Issue Archive
Current Issue
Next Issue
Featured Writer
TIG Magazine
Short Story
My Content
Digital Signature Printable Version PRINTABLE VERSION
by Nischal, Nepal Jan 8, 2005
Technology   Opinions
 1 2   Next page »


The electronic transaction act popularly known as the cyber law has just been introduced in Nepal. This law basically aims to give legal status for the electronic documents. In ordinary documents, the authentication of many legal, financial and other documents is determined by the presence or the absence of an authorized handwritten signature. But, for the computerized message systems to replace the physical transport of paper and ink documents, a method must be found to allow documents to be signed in a way so that no one can replicate the signature. The method of devising the method of creating the digital signature is the most complex and sensitive step in authenticating the document. Generally, an encryption mechanism is used to authenticate the sender of the message. Creating electronic signatures may involve the use of cryptography in two ways: symmetric (or shared private key) cryptography or asymmetric (public key/private key) cryptography. The latter is used in producing digital signatures, discussed further below.

Shared Symmetric Key Cryptography

In shared symmetric key approaches, the user signs a document and verifies the signature using a single key (consisting of a long string of zeros and ones) that is not publicly known, or is secret. Since the same key does these two functions, it must be transferred from the signer to the recipient of the message. This situation can undermine confidence in the authentication of the user's identity because the symmetric key is shared between sender and recipient and therefore is no longer unique to one person. Since the symmetric key is shared between the sender and possibly many recipients, it is not private to the sender and hence has lesser value as an authentication mechanism. This approach offers no additional cryptographic strength over digital signatures. Further, digital signatures avoid the need for the shared secret.

Public/Private Key (Asymmetric) Cryptography - Digital Signatures

To produce a digital signature, a user has his or her computer generate two mathematically linked keys -- a private signing key that is kept private, and a public validation key that is available to the public. The private key cannot be deduced from the public key. In practice, the public key is made part of a "digital certificate," which is a specialized electronic file digitally signed by the issuer of the certificate, binding the identity of the individual to his or her private key in an unalterable fashion. The whole system that implements digital signatures and allows them to be used with specific programs to offer secure communications is called a Public Key Infrastructure.

A "digital signature" is created when the owner of a private signing key uses that key to create a unique mark (the signature) on an electronic document or file. The recipient employs the owner's public key to validate that the signature was generated with the associated private key. This process also verifies that the document was not altered. Since the public and private keys are mathematically linked, the pair is unique: only the public key can validate signatures made using the corresponding private key. If the private key has been properly protected from compromise or loss, the signature is unique to the individual who owns it, that is, the owner cannot repudiate the signature. In relatively high-risk transactions, there is always a concern that the user will claim someone else made the transaction. With public key technology, this concern can be mitigated. To claim he did not make the transaction, the user would have to feign loss of the private key. By creating and holding the private key on a smart card or an equivalent device, and by using a biometric mechanism (rather than a PIN or password) as the shared secret between the user and the smart card for unlocking the private key to create a signature, this concern can be mitigated. In other words, combining two or three distinct electronic signature technology approaches in a single implementation can enhance the security of the interaction and lower the potential for fraud to almost zero. Furthermore, by establishing clear procedures for a particular implementation of digital signature technology, so that all parties know what the obligations, risks, and consequences are, agencies can also strengthen the effectiveness of a digital signature solution.
The reliability of the digital signature is directly proportional to the degree of confidence one has in the link between the owner's identity and the digital certificate, how well the owner has protected the private key from compromise or loss, and the cryptographic strength of the methodology used to generate the public-private key pair. The cryptographic strength is affected by key length and by the characteristics of the algorithm used to encrypt the information.
The Nepalese cyber law has recognized the asymmetric cryptography and the hash function cryptography. The law also has a provision of an official called the controller who has the authority of controlling all the mechanisms regarding the digital signature on the behalf of the government. The major jobs assigned to the controller by the law are:

 1 2   Next page »   


You must be logged in to add tags.

Writer Profile

Name: Nischal Dahal
Profession: Computer Professional.

I have a strong desire to use the ICT in the development of countries. These countries have tremendous potentials but are in hand of those people who are not aware of the power of technology to accelerate their country like a rocket in the path of development. I believe if technology is used in right way the poverty can be easily be eliminated.

I am a strongly against reservation of seats of backward communities in higher education because i believe the schooling must be free to those people and the government should make sure that everybody gets basic education. Then everybody should have right to compete for higher education. If the higher education is taken as granted then the a handful of people will enjoy the benefit and grass root level remains in same level
You must be a TakingITGlobal member to post a comment. Sign up for free or login.