In the real world, the receiver of a message
needs assurance that the message belongs to the sender, and the sender should
not be able to alter the origination of that message. This requirement is
crucial in business applications because of the likelihood of a dispute over
exchanged data, and hence a new technological object called a digital signature
has to be adopted.
A digital signature is a technique that
binds a person or an entity to digital data. It is a mathematical scheme for
verifying the authenticity of digital messages or documents; digital signatures
are the public-key primitives of message authentication. In the physical world,
it is common to use handwritten signatures on handwritten or typed messages:
they bind the signatory to the message, and this binding can be independently
verified by the receiver as well as by any third party. A digital signature is
a cryptographic value that is calculated from the data and a secret key known
only by the signer. A valid digital signature gives a recipient reason to
believe that the message was created by a known sender (authentication), that
the sender cannot deny having sent the message, and that the message was not
altered.
A unique digital ID (and a signing key)
is required to create a digital signature. Digital IDs, or certificates, are
based on asymmetric (public-key) cryptography, which uses key pairs, each a
combination of a public key and a private key. Public keys are openly
distributed among the communicating entities, and the private keys are kept
secret.
A digital signature can be used for
many of the same reasons that you might sign a paper document. It is used to
authenticate digital information, such as form templates, e-mail messages, and
documents, by using computer cryptography, and it helps to establish the
following:
Authenticity: It helps to assure that
the signer is who he or she claims to be.
Integrity: It helps to assure that the
content has not been changed or tampered with since it was digitally signed.
Non-repudiation: It helps in proving the
origin of the signed content to all parties. "Repudiation" refers to
the act of a signer denying any association with the signed content.
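The sketch below is an added example, not part of the original text. It shows a signature being calculated from the data and a private key, then checked with only the public key, as a receiver or any third party could. It uses textbook hash-then-sign RSA with fixed, publicly known primes purely for teaching; the key names and the sample message are constructed for illustration.

```python
# Added teaching example: textbook hash-then-sign RSA. It has no padding and
# uses fixed, publicly known primes, so it is NOT secure. Real systems use a
# vetted library with RSA-PSS, ECDSA or Ed25519.
import hashlib


def make_keypair(p, q, e=65537):
    """Build (public_key, private_key) from two distinct primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi
    return (n, e), (n, d)


def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (always smaller than n here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Signature = value computed from the data and the signer's secret key."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Needs only the public key, so a third party can run it too."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)


# Constructed keys: Mersenne primes, chosen only because they are short to write.
ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**89 - 1, 2**607 - 1)


def demo():
    order = b"Pay 100 EUR to Bob"  # constructed sample message
    sig = sign(order, ALICE_PRIV)
    return {
        # Authenticity: the signature checks out under Alice's public key.
        "authentic": verify(order, sig, ALICE_PUB),
        # Integrity: any change to the signed content invalidates it.
        "tampered": verify(b"Pay 900 EUR to Bob", sig, ALICE_PUB),
        # A signature made with another private key is rejected.
        "forged": verify(order, sign(order, MALLORY_PRIV), ALICE_PUB),
    }


if __name__ == "__main__":
    print(demo())
```

Because only the holder of the private key can produce a value that verifies under the matching public key, a valid signature is also the evidence used against a later denial (non-repudiation).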