Talk:Digital signature

From Wikipedia, the free encyclopedia

You have new messages (last change).
WikiProject on Cryptography This article is part of WikiProject Cryptography, an attempt to build a comprehensive and detailed guide to cryptography in the Wikipedia. If you would like to participate, you can choose to edit the article attached to this page, or visit the project page, where you can join the project and see a list of open tasks.
WikiReader Cryptography It is intended that this article be included in WikiReader Cryptography, a WikiReader on the topic of cryptography. Help and comments for improving this article would be especially welcome. A tool for coordinating the editing and review of these articles is the daily article box.
To-do list for Digital signature: edit · history · watch · refresh
  • Describe cryptanalysis of digital signatures -- what are the various notions of security for a signature scheme?
  • Mention the common association of message encryption with digital signatures.


Contents

[edit] Comment

Shorter:

A crypto signature decrypts to a document hash under the given user's public key, thus proving that the document was signed by the user's private key. Connelly 05:22, 21 Jul 2004 (UTC)

[edit] Analogy to traditional signature: meaning and wording

Matt,

The analogy of digital signatures to paper ones is, subtly, not very close. That's why I used the construction 'in a sense'. It wasn't quite weasel wording. The problem is that deiscussing the limited analogy is messy and not quite on point. I'm open to an alternative phrasing, in fact, I'd welcome one, but as it stands it's too easy to misconstrue the degree of analogy. Needs to be changed somehow.

The analogy is close enough, IMO, to serve as an analogy; have a look at Schneier's Applied Crypto book (sec 2.6); he introduces digital signatures by listing the essential five properties of physical signatures that can be achieved electronically by digital signatures. — Matt 17:26, 18 Apr 2004 (UTC)

This is a real nuisance. Most of the legal beagles in the legislatures, at least on this side of the pond, have demonstrated some inability to get the distinction. And the legal beagles putting together position papers for the American Bar Association also failed to get it. There is an English soliciter/barrister (I'm almost colorblind on that one) named Nicholas Bohm who was (and may still be for all I know for I haven't been following this closely for a couple of years) one of the very few of these beagles who had the right scent. But he was advised closely by Brian Gladman (?) who did several reference algorithm implementations about the time of the AES break off. So there may have been reason why Bohm was better at this than most of the others.

ww 17:18, 18 Apr 2004 (UTC)

Matt, He does indeed and I remember his list. But the concern I have is based on work I did in support of a professional education seminar for lawyers here prompted by the passage of the Esignature Act of 2000. It's a swamp and I think we should be careful not to fail to convey a sense of caution here. That's what I was trying for with that phrasing. ww 18:29, 18 Apr 2004 (UTC)

geyer7 20 Dec 2005

I pulled the sentence, "(Software developers typically expect about 1 defect per 1,000 lines, unless intense efforts have been taken to raise its quality, in which case 1 defect per 1,000,000 lines is typically expected)." These numbers should be sourced and I believe it's inaccurate to say they refer to something software developers typically expect.

[edit] This bit is just garbage and needs rewritten

"Unlike a traditional handwritten signature a digital signature may be generated automatically, without the knowledge of the authorized user", "paper signatures can be copied [or] created under coercion", "However, if the right software is used in the right way, including not leaking the private key, then the digital signature on some message can be created only by definite actions of the person in question, therefore validating the use of digital signatures." are all mutually exclusive.

I'm not claiming to be able to write definitively on this subject, but this just reeks...

[edit] Evidential status

Many of the legal enactments (statute or regulation) surrounding digital signatures is concerned with their admissibility as evidence. More controversial, however, is their actual value as evidence. Unlike a traditional handwritten signature, a digital signature may be generated automatically, without the knowledge of the authorized user. However, very few can reliably prove a handwritten signature is legitmate, too, since paper signatures can be copied, created under coercion, few have handwritten signature cards to compare against, pages may have been changed after the signature was applied, etc. A digital signature is generated by complex software, operating on an operand whose nature and existence cannot be fully or directly verified by the authorized user. Whereas the existence of a digital signature can be evidentially significant in establishing that an electronic communication is uncorrupted, and that it had a certain provenance, it cannot of itself provide any evidence as to whether a particular individual intended or authorized or associated himself or herself with any such communication. In that regard, the term "signature" is potentially misleading as the engineering does not know, and may possibly not be able to coincide with, the assumptions underlying many of the legal enactments. Legal enactments which affirmatively declare that a digital signature is presumptively deemed a valid signature are at variance with the possibilities afforded by the cryptography.

However, if the right software is used in the right way, including not leaking the private key, then the digital signature on some message can be created only by definite actions of the person in question, therefore validating the use of digital signatures.

[edit] Replay attack

The article gives an impression that digital signature stops replay attack. I don't think replay attacks can be stopped by signing messages. If I can observe and record a signed message sent by A to B, I can re-send the same message without B having any way of detecting the fraud.

There are other ways of preventing replay attacks. For example, the message needs to contain a timestamp or sequential number.

[edit] Digital signatures use encryption techniques, but are not used to encrypt

The current article mingles too much digital signatures and encryption. It might give the reader the impression that by digitally signing, the message also becomes encrypted. Though public key encryption is also used in encryption, the purpose of signing is not encryption. There are two reasons why private keys for digital signatures should not be used to encrypt.

  • First quite often you might want something signed (digitally) but readable by everyone. E.g. diplomas, birth certificate, identity certificates, drivers license, the fact that you are the owner of something, etc... These should be in plain text but the digital signature is used to verify that they are not forged.
  • Secondly, and much more important, the fact that you engage in an encrypted conversation does not mean that you want to sign all these messages in a legal sense. E.g. I might have an email conversation with a Rolls Royce dealer about buying a car, but this does not mean that I signed an electronic contract with that dealer. For that reason it is advised to use separate private keys for encryption and digitally signing. If a signed document needs to be encrypted, encryption is used on top of the signing.

Wintermute314 14:17, 13 May 2006 (UTC)

Agreed (now that I've finally noticed this comment). And I remeber that I'd noted this in my last major edit. I'll look again. ww 15:46, 27 July 2006 (UTC)

[edit] Clarification of the use of the word signature in the term 'digital signature'

Greetings Wikipedia Crypto editors.

First of all, I am not a crypto-anything. I'm simply trying to learn enough from these pages to give me a good working grasp of the technology, from a practical, everyday point of view. That said, may I suggest inclusion of the following section, probably somewhere near the top, which clears up an aspect of digital signatures that I was finding particularly confusing..

"In the context of pens and sheets of paper the term signature refers solely to the name of the document author scribbled at the bottom of the page. If his signature is to attest to the document's authenticity, the author must use the same signature each time he signs a document.

A digital signature, on the other hand, is the result of encrypting some digital information with a private key. Thus, a digital signature contains the information it is attesting to (in encrypted form) and will be different for each different set of information.

The last entence above is not necessarily so for some types of digital signature. Admittedly, not so useful a type, but... ww 15:50, 27 July 2006 (UTC)

Within the field of public key cryptography encrypting information with a private key is known as signing for one reason only; because use of the private key to encrypt the information, rather than the public key, facilitates the authentication of that information (as handwritten signatures do), rather than the establishment of confidentiality (as encrypting it with the recipient's public key would do).

Mostly, yes. ww 15:50, 27 July 2006 (UTC)

One further comparison exists; both handwriten signatures and digital signatures must accompany the (unencrypted) information they are intended to authenticate. Whereas a handwritten signature is compared with a securely held master copy, a digital signature is decrypted using the sender's public key, resulting in two copies of the same information, and the two copies are compared. If they match, the key used to encrypt the information is not in doubt and in that sense the information is authentic."

Sebyte 11:34, 18 May 2006 (UTC)

You've got more of it than most people do. Consider yourself a crypto cognocenti, for someone who's only intested in the practical side. ww 15:50, 27 July 2006 (UTC)

[edit] Remove history section?

The history section in this article is the same as in electronic signature. This is confusing. Since it is made clear that digital sigs are a special case of electronic sigs and there are already links to electronic signatures, I propose to delete the history section in this article. --Wintermute314 13:50, 11 June 2006 (UTC)

I think I'm the culprit. I left it in both articles as a way to head off some of the misconceptions so many acquire. WP being a didactic and informative medium, it's an obligation of editors to head off common confusions if possible. i agree that the duplication offends a sense of prsimony, mine included, but I assuaged mine with the observation that a reader who didn't do what I would prefer him/her to do (namely follow the links out, and weld the info found into a coherent whole) will be misled in a subtle way by omission. I've wrenched myself to a point of aggrieved acceptance. Perhaps it's an invitable result of an encyclopedia sort of format? ww 15:56, 27 July 2006 (UTC)

[edit] Why does Digital Signature have to only focus on PKI?

I understand that there is a large number of people that feel the same regarding electronic vs digital. I agree that an electronic signature does not mean that a cryptographic solution is present. However we also cannot assume that a PKI/Cryptographic solution is the ONLY way to capture a digital signature. It is merely ONE way out of many.

Agreed. It is only one of many, PKIs not being what the legal beagles had assumed they would become a decade ago when they began enacting and all. But it (or the general class, there are several crypto signature algorithms) is the only sort which can provide robust security if used correctly. PKI is not a useful distinction. ww 16:01, 27 July 2006 (UTC)

Wiki has a page for each topic and a read can drill down to get more specific information. Therefore Automobiles >> Cars >> Sports Cars would be similar to Electronic Sig >> Digital Sig >> PKI. The digital Signature page should discuss all topics relevant to Digital Signatures (like PKI, message authentication codes, file integrity hashes and digital pen pad devices) and then a reader could select the sub-page to learn more.

Readers cna indeed drill down. The Average Reader cannot be expected to do. See my comments (re Wintermute's observations) about an intent to be achieved in these two articles. ww 16:01, 27 July 2006 (UTC)

Making the dig sig page exclusively about PKI would be like only talking about 2-door cars without discussing all of the other options. If a reader wants to learn more about PKI then send them to PKI. Each page should discuss an overview of all the sub-pages:

It would indeed do so. My last major edit of these tried not to do so. I'll take a look to see if that remains. ww 16:01, 27 July 2006 (UTC)
  1. Electronic Signatures
    1. FAX
    2. Morse Code
    3. Click Wrap
    4. Digital Signatures
      1. PKI
      2. Pen Pad

[edit] merge with Electronic Signatures

Digital signatures are a "subset" of electronic signatures. While there is confussion on the subject among some resources, major signture companies, Universities and the US Government define it as follows:

  • "Just as digital signature technology is a subset of electronic signature technology, electronic signature technology is a subset of its own accord, this time, of electronic approval management technology." Silanis
  • "Digital signatures, which are a subset of electronic signatures," Adobe
  • "electronic signature technology of which digital signatures are a subset" University of Virginia
  • "Electronic signatures and its subset, digital signatures" State of WI
  • "Digital records are a subset of electronic records" National Archives of Australia
  • "A subset of electronic signatures—digital signatures" CIO
  • Just Google for 'digital subset electronic signature' (quotes not needed)

Additionally US Law Defines Electronic Signatures

Digital Signatures are those that include an image or graphic to represent the signature. They are electronic signatures but not all electronic signatures are digital. These two articles on Wiki have much of the same information but are separated. Isaacbowman 14:43, 4 May 2006 (UTC)

I would not merge digital and electronic signatures in one article. Although one is a subset of the other, the article would become too long, since there are many electronic signatures and digital signatures are so important that it merits a separate and also long explanation. Often users will search specifically for information on digital signatures because of legal requirements so we should make it easy for them and not have them dig it out of a larger and broader article.
I do agree that the shared (legal) info could be promoted to the higher level article of electronic signatures, and this article could link to that.
--Wintermute314 07:59, 30 May 2006 (UTC)
Not a complete merger but the information is very confussing to someone that doesn't know the difference. I felt that the pages should be 'cleaned' to reflect the difference. Isaacbowman 03:44, 27 July 2006 (UTC)
I would note that the confusion is inherent in the way that so many misuse words in such a way as to not match the underlying engineering, usually in mutually incompatible ways. The confusion does not exist if starting from the engineering possibilities (at least for the crypto stuff). And from an increasing degree of spoofability. Since the confusion needs must addressed some time, might as well start at the start. ww 16:11, 27 July 2006 (UTC)
Retrieved from "http://en.wikipedia.org../../../d/i/g/Talk%7EDigital_signature_e150.html"