A digital signature is basically a way to ensure that an electronic document, such as an email, spreadsheet, file, etc., is authentic. Authentic can mean that the receiver knows who created the document and that the document has not been altered in any way since the document was created. In essence, a digital signature allows the creator of a document to “sign” the document with a secret key so that others with a matching public key can verify the document must have been signed only by the holder of the secret key.
Digital signatures can use what are known as “public key cryptography,” which employs an algorithm using two different but mathematically related “keys,” one for creating a digital signature or transforming data into a seemingly unintelligible form, and another key for verifying a digital signature or returning the message to its original form. Computer equipment and software utilizing two such keys are often collectively termed an “asymmetric cryptosystem.”
The complementary keys of an asymmetric cryptosystem for digital signatures can be termed the private key, which is known only to the signer and used to create the digital signature, and a public key, which is ordinarily more widely known and can be used by the relying party to verify the digital signature. If many people need to verify the signer's digital signatures, the public key can be made available or distributed to all of them, perhaps by publication in an on-line repository or directory where it is easily accessible. Although the keys of the pair are mathematically related, if the asymmetric cryptosystem has been designed and implemented securely it is computationally infeasible to derive the private key from knowledge of the public key. Thus, although many people may know the public key of a given signer and use it to verify that signer's signatures, they cannot discover the signer's private key and use it to forge digital signatures. This is sometimes referred to as the principle of irreversibility.
Digital signatures can be used in connection with hash functions to also guarantee that a document has not been altered since it was signed by the creator. A hash function can be generally described as a computation done on a message, which produces a small “fingerprint” of the document in the form of a hash value. Hash values are typically of a standard length, which is much smaller than the message but nevertheless substantially related to the message. Any change to the message invariably produces a different hash result when the same hash function is used.
In the case of a secure hash function, sometimes termed a “one-way hash function,” it is computationally infeasible to devise the original message from knowledge of its hash value and also infeasible to create a different message with the same hash value. Hash functions therefore enable the software for creating digital signatures to operate on smaller and predictable amounts of data, while still providing robust correlation to the original message content, thereby efficiently providing assurance that there has been no modification of the message since it was digitally signed.
In practice, digital signatures are used to sign the hash values of messages not the messages themselves. To sign a document or any other item of information, the signer first delimits precisely the borders of what is to be signed. The delimited information to be signed can be termed the “message.” Then a hash function in the signer's software can compute a hash result unique (for all practical purposes) to the message. The signer's software then transforms the hash result into a digital signature using the signer's private key. The resulting digital signature is thus unique to both the message and the private key used to create it. Typically, a digital signature (a digitally signed hash result of the message) is attached to its message and stored or transmitted with its message. However, it may also be sent or stored as a separate data element, so long as it maintains a reliable association with its message.
Verification of a digital signature can be accomplished by computing a new hash result of the original message by means of the same hash function used to create the digital signature. Then, using the public key and the new hash result, the verifier can determine whether the digital signature was created using the corresponding private key and whether the newly computed hash result matches the original hash result which was transformed into the digital signature during the signing process. Verification software can be used to confirm that the digital signature as verified is the signer's private key as used to digitally sign the message (which is known to be the case if the signer's public key was used to verify the signature because the signer's public key will verify only a digital signature created with the signer's private key) and that the message was unaltered (which is know to be the case if the hash result computed by the verifier is identical to the hash result extracted from the digital signature during the verification process).
One challenge presented by the use of digital signatures is keeping the signer's private key secure. In some systems, the one Application, or possibly API, may be responsible for creating the hash value and signing the hash value with the signer's private key, as well as presenting the information to be delimited to the user, passing the delimited information to the hash function, and passing the hash value on for signing. If the application is implemented correctly and is trusted, this usually does not present a problem. However, if the application is rogue or is poorly implemented, the delimited information may be mishandled causing the information that is ultimately hashed and signed to be different from that delimited by the user.
Poorly implemented or rogue applications can create the problem of scavenging of private information such as the private key. The deployment of a private key to a device can, many cases, be a significant and expensive undertaking. In order to recover this investment, companies deploying private keys expect that they are the only one able to use such a key. Poorly implemented or rogue application may make it possible for someone to scavenge the company's private key.
In some applications, the private key, as well as other private information, may reside on a smart card. In this case, the user is typically required to provide a PIN to the smart card which performs the signing operation using the private key. If the PIN is collected by a poorly implemented or rogue application the system becomes vulnerable to scavenging of the PIN, which could allow anyone to access and use the private key and other private information on the smart card. On the other hand, if the card collects the PIN with the help of some embedded software, usability suffers as the user is required to separately delimit the information for signing and provide the PIN for unblocking the private key on the card.
As such, there is a need for an improved device, method and computer code product for implementing digital signatures.