A digital signature is a mathematical scheme for ensuring the authenticity of a message or a document. A recipient of the message or document verifies the source using the digital signature. In addition, the digital signature may also be used to detect tampering with the data in transit. A digital signature is generated using private key material that is usually associated with a digital certificate.
A digital certificate may be created by a public key infrastructure (PKI), including a private key and a public key. The digital certificate is created by generating a digital signature over public key material and can be verified using the signer's public key. For the digital certificate system to be secure, the signer's private key must be kept secure. If the private key is leaked or otherwise compromised, even for a short period of time, perfect forgeries of digital signatures may be issued. An unauthorized user may gain access to the private key and make a copy of it, thus allowing unauthorized forgeries of digital signatures and digital certificates. Additionally, forged digital signatures may be created when an unauthorized user gains temporary control of a computer storing the private key. Even if the computer prevents unauthorized copies, the unauthorized user may instruct the computer to generate unauthorized digital signatures, including creation of digital certificates. Techniques have been devised for revoking forged copies of digital certificates, but not for revoking digital signatures in general.
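The following added example (not part of the original text) models a certificate as a signature over a subject's public key material and shows why verification alone cannot tell a certificate issued by the legitimate signer from one issued with a copy of the signer's private key. It assumes toy textbook RSA over constructed Mersenne-prime keys, chosen only so the code runs with the standard library; the function names and the certificate layout are hypothetical.

```python
import hashlib

E = 65537  # public exponent

def make_keypair(p, q):
    """Toy textbook RSA from two known primes: returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

def _body(subject, subject_pub):
    return f"{subject}|{subject_pub[0]}|{subject_pub[1]}".encode()

def issue_certificate(signer_priv, subject, subject_pub):
    """A certificate here is a signature over the subject's public key material."""
    return {"subject": subject, "public_key": subject_pub,
            "signature": sign(signer_priv, _body(subject, subject_pub))}

def verify_certificate(signer_pub, cert):
    return verify(signer_pub, _body(cert["subject"], cert["public_key"]), cert["signature"])

def demo():
    # Constructed keys from Mersenne primes; far too small and unpadded for real use.
    signer_pub, signer_priv = make_keypair(2**127 - 1, 2**107 - 1)
    alice_pub, _ = make_keypair(2**89 - 1, 2**61 - 1)
    other_pub, _ = make_keypair(2**107 - 1, 2**89 - 1)
    copied_priv = tuple(signer_priv)  # stands in for a leaked copy of the signer's key

    genuine = issue_certificate(signer_priv, "alice", alice_pub)
    tampered = dict(genuine, public_key=other_pub)  # key swapped after signing
    forged = issue_certificate(copied_priv, "alice", other_pub)
    return {
        "genuine_verifies": verify_certificate(signer_pub, genuine),
        "tampered_verifies": verify_certificate(signer_pub, tampered),
        "forged_verifies": verify_certificate(signer_pub, forged),
        "copy_signature_identical": sign(copied_priv, b"msg") == sign(signer_priv, b"msg"),
    }

if __name__ == "__main__":
    print(demo())
```

Tampering after signing is detected, but the certificate issued with the copied key verifies exactly like the genuine one, which is why protection of the signer's private key and a revocation mechanism carry the security of the whole system.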