As said earlier digital signatures are like fingerprints comprising encrypted information about the signatory. The popularity accrues from the fact that they are difficult to manipulate and hence are used globally for authorizing contracts, forms, and legal documents pertaining to various sectors like e-tendering, Income Tax, GST and ROC filing, etc.
The technology is still in the development stage and is promising enough to support eCommerce in the time to come.
Three main plus points of these secure electronic signatures:
The signer encrypts data pertaining to the electronic documents during the process using a hash algorithm like SHA 256. The encrypted data is known as a cryptographic hash or a digest and is unique for every document encrypted. At the same time, a public key is generated that is used by the receiver. The public key is accompanied by the DSC, and the digest is sent to the receiver who uses it to decrypt the encrypted data. In public key encryption systems, users make their public key available to anyone and keep their private key secret.
A private key is a string of numbers generated by the signer and it is only known to him or her but it is shared between the sender and the receiver in some cases. (Read Symmetric Key Algorithms). A private key to encrypt documents is created using hash algorithms. There are many hash algorithm generators such as:
- SHA 256
Hash Generator Online. Another Hash Generator Tool. The last one SHA 256 is most commonly used. The private key is saved in the sender's computer.
The digital signature is obtained from a licensing authority, certifying authority (CA), or its partner, thus is a third party authorization at a price. The CA or authority issues DSC after verifying your documents along with a video verification in a token which is similar to a pen drive.
One look at the graph by clicking the link will explain what a digital ID or Certificate is.
Please copy and paste the link shown above in your browser to see the certificate at the bottom as I cannot paste a graph here since it will be a copyright violation. The digital certificate is self-explanatory.
The DSC or the public key ensures that the document is not tampered with by using the key that returns the same hash value as sent by the sender. It does not matter if the public key has been appropriated by someone else, the digital signature is just a way of certifying the sender! It certifies the source remember!