EDS - what is it? Electronic digital signature: instruction for beginners

An electronic signature is a mathematical scheme designed to display the authenticity of electronic messages or documents. A valid digital signature provides all grounds for the recipient to believe that the message was created with the help of a known sender, that it was actually sent (authentication and faultlessness), and that the message was not changed during the transfer (integrity).

Answering the question: "EDS - what is it?" - it is worth noting that digital signatures are the standard element of most cryptographic protocol sets and are commonly used for software distribution, financial transactions, and in many other cases when it is important to determine a counterfeit Or falsification.

Digital signatures are often used to implement electronic signatures. This is a broader term that refers to any data of the electronic type. However, not every electronic signature is digital.

Digital signatures use asymmetric cryptography. In many cases, they provide a certain level of verification and security for messages that have been sent over an unprotected channel. Being properly implemented, the digital signature allows to believe that the message was sent using the claimed sender. Digital prints and signatures are equivalent to handwritten signatures and real seals.

EDS - what is it?

Digital signatures are similar to traditional handwritten signatures in many respects, and they are harder to forge than handwritten signatures. Digital signature schemes have a cryptographic basis and must be performed properly, so as not to lose efficiency. How to sign an EDS document? You need to use 2 paired crypto switches.

EDS can also implement the principle of non-failure. This means that the subscriber can not successfully claim that he did not sign the message. In addition, some schemes offer a timestamp for a digital signature and even if the private key is exposed, the signature remains valid. EDS can be represented as a bit string and can be applied in e-mail, contracts or a message sent using any cryptographic protocol.

Cryptography with public key or EDS structure

What it is? The digital signature scheme includes three algorithms simultaneously.

Key generation algorithm that selects the secret key in a uniform and random way from the set of possible private ones. He issues a secret key and walks with him in a pair open.

Algorithm of the signature, which, given the message and the private key, actually produces the signature.

The verification algorithm of the signature, which takes into account the message, the public key and the signature and accepts or rejects the sending of the letter, determining the authenticity.

How to install EDS?

In order to use a digital signature, it is necessary to give it two basic properties. What do you need to consider before you sign the EDS document?

First, the authenticity of the signature generated from the fixed message and the private key can be verified with the appropriate open information.

Secondly, it should be computationally unachievable to find the right signature without knowing the secret key. EDS is an authentication mechanism that allows the message creator to attach a code that acts as a signature.

Applying digital signatures

As modern organizations gradually move away from paper documents with ink-signed signatures, EDSs can provide additional authentication and proof of the authorship, identity and status of the document. In addition, a digital signature can be a means of confirming the informed consent and approval of the signatory. Thus, EDS for individuals is a reality.

Authentication

Although the letters may include detailed information, it is not always possible to reliably identify the sender. Digital signatures can be used to authenticate the source of messages. When the EDS secret key is attached to a specific user, it confirms that the message was sent to them. The importance of confidence that the sender is genuine, is particularly evident in the financial spheres.

Integrity

In many scenarios, the sender and the recipient of a letter need to confirm that it has not been changed during transmission. Although encryption hides the contents of the sent object, it is only possible to change the encrypted message, without understanding its meaning. Some encryption algorithms can prevent this, but not in all cases. In any case, checking the EDS during decryption will detect a violation of the integrity of the message.

However, if the message is signed with a digital signature, any change in it after signing disavows the signature. In addition, there is no effective method to change the message and generate a new one with a valid signature, because it is considered computationally impossible.

Indeliability

The incontrovertibility or impossibility of denying the origin of the letter is an important aspect in the development of EDS. What it is? This means that a legal entity that has sent some information can not deny that it signed it. Similarly, access to the public key does not allow attackers to forge a valid signature. The same consequences are borne by the use of EDS for individuals.

At the same time, one should emphasize that all the properties of authenticity, non-repudiation, etc. Depend on the secret key, which should not be revoked before it is used. Public keys must also be canceled with the secret keys after use. The EDS check for "recall" occurs on a specific request.

Entering a secret key on a smart card

All cryptosystems operating on the principles of using an open / private key are completely dependent on the content of the data in a secret. The secret EDS key can be stored on the user's computer and be protected by a local password. However, this method has two drawbacks:

• The user can sign documents exclusively on this particular computer;
• The security of a private key depends entirely on the security of the computer.

A more reliable alternative for storing a secret key is a smart card. Many smart cards are equipped with protection against unauthorized interference.

Typically, the user must activate his smart card by entering a personal identification number or PIN (thus providing two-factor authentication). It can be arranged so that the private key never leaves the smart card, although this is not always realized in the EDS crypto.

If the smart card is stolen, the attacker will still need a PIN to create a digital signature. This somewhat reduces the security of this scheme. A mitigating factor is that the generated keys, if stored on smart cards, are generally difficult to copy, it is assumed that they exist only in one instance. Thus, when the loss of the smart card is detected by the owner, the corresponding certificate can be immediately withdrawn. Closed keys, protected only by software, are easier to copy, and such leaks are much harder to detect. Therefore, the use of EDS without additional protection is unsafe.