What is Digital Signature in information security?

A digital signature is a numerical technique which validates the authenticity and integrity of a message, software or digital files. It enables us to test the author name, date and time of signatures, and authenticate the message contents. The digital signature provides far more inherent security and intended to solve the issue of tampering and impersonation (Intentionally copy another person's characteristics) in digital connection.

These techniques are designed to support the digital counterpart to handwritten signatures and can be implemented using cryptography. In entity a digital signature of a message is a number dependant on some secret known only to the signer and on the content of the message being signed. Signatures should be verifiable without needing access to the signer secret data.

The computer-based business data authentication interrelates both technology and the law. It also calls for cooperation among the people of multiple professional backgrounds and areas of knowledge.

The digital signatures are different from electronic signatures not only in terms of procedure and result, but also it creates digital signatures more serviceable for legal goals. Some electronic signatures that legally appreciable as signatures cannot be secure as digital signatures and can lead to uncertainty and disputes.

When a person makes a digital signature, two more encrypted files are created. These are the “private key” which stays with the signature owner, and the “public key” which is transmitted along with the signed files to let the recipient open it.

The main function of a digital certificate is to associate a definite user with the public/private key pair. Digital certificates are the networking similar of driver’s licenses, and they go hand in hand with encryption to provide that connection is secure.

The concept is same to asymmetric cryptography but it is complimentary. Whereas in public-key encryption schemes, the public key can be used to encrypt the message and the private key to decrypt, digital signatures are acquired generating a number using the private key and tested with the public key.

Digital signatures have some applications in information security, such as authentication, data integrity and non-repudiation. An important applications of digital signatures is the certification of public keys in high networks.

Certification is a means for a Trusted Third Party (TTP) to bind the identity of a user to a public key. There are some entities can authenticate a public key without assistance from a trusted third party. It can becomes clear how asymmetric cryptography surmounts the key distribution issue.

A user, destined to get an encrypted message, can send the certificate including his public key issued by a TTL or Certificate Authority. The receiver who want to encrypt and send the message, can authenticate that the certificate was issued by the common Certificate Authority (CA) using the CA public key thus acquiring the guaranty that the public key received belongs to the intended recipient.