What is Public Key Infrastructure?
What is a Digital Signature?
How is a Digital Signature Created?
What is a Digital Certificate?
Evaluating Digital Certificate "Quality"
What is a Key Pair?
What is a Hash Function?
Hashing and Document Integrity
Validating a Digital Signature
Online Certificate Status Protocol (OCSP)
What is a Certification Authority?
What is a Certification Practice Statement (CPS)?
When many people hear the terms PKI or digital signature, they think about secure web sites or credit card transactions. They may even think about digitised hand-written signatures. But a digital signature has little to do with handwriting and PKI is not just a way to make web sites secure. As you might surmise, a variety of companies have emerged to provide a broad array of solutions for security in the online world, so it should come as no surprise that not all digital signatures are created equal.
PKI is a structural design to establish secure communication, messaging, and transactions over networks. This involves managing and handling certificates as well as applications:
- Validating, issuing and disseminating certificates
- Managing cancellation, suspension, and regeneration
- Managing key recovery for encryption keys
- Assuring compatibility between certificates and applications
- Installing procedures for certificate request, install, and revocation
When you look at using digital signatures for high-value transactions - legal contracts or insurance bonds for example - proof of authenticity is critical. Digital signatures - based on positive identification of the person signing the document, a reasonable assurance of their intention to apply a legal signature, and secure knowledge that the signed document has not been changed in any way since it was signed - are increasingly being accepted as having legal standing equal to that of traditional signatures. Digital signatures that do not measure up to these tests are of limited value when non-repudiation is critical.
It is important to make a distinction between an "electronic signature" and a true digital signature. An electronic signature can be anything from a digitised image of a handwritten signature to something as simple as the header information on a piece of e-mail. While these identifiers may provide indications of authorship or origin, they are relatively simple to counterfeit and are not generally useful for contracts or other legally binding documents. In most jurisdictions, the term "digital signature" has come to mean the use of Public Key Cryptography to ensure authentication and message integrity, with the goal of creating a signature with the same legal attributes of a traditional written signature.
A digital signature should be generated in such a way that signing a document is an intentional act, combined with the attributes of document and signature authentication. Moreover, it should protect the recipient of an electronic document from false denial (repudiation) of the signature by the sender.
When a document or file is digitally signed, the signing software applies a "hash function" to the document. This hash function computes a result based on the unique content of the document. The software then applies an algorithm unique to the signatory’s private key to the result, which results in a digital signature unique to the document and the specific private key. A digital signature is document-specific, unique, and unalterable. The digital signature is stored with the document and may be validated once the document reaches the recipient.
A digital certificate is the identifying record that recognises the owner of a key pair and serves to validate signatures made with the key pair. On a technical level, a digital certificate is a data structure that contains basic fields and optional extensions. The International Telegraphic Union specifies widely used certificate structures and semantics. The current standard for certificates is X.509 v.3, which supports the use of custom extensions. (Custom extensions may be used in addition to basic fields common to all X.509 v.3 Certificates.)
There are also policy mapping fields available in X.509 certificates that could potentially allow Certification Authority (CA) systems with similar security policies to cross-certify. However, due to the wide range of choices, most X.509 compliant products are not compatible with other CA systems.
Because different Certification Authorities create digital certificates to support a wide range of business initiatives, not all certificates provide the security needed to ensure non-repudiation.
Certificates of sufficient "quality" to ensure validity and enforceability of the signature require:
- Appropriate investigation of the certificate holder's identity
- Rigorous protection of the certificate key pair, both when it is issued and as it is used to sign documents
- Up-to-date status information when the digital signature is validated
- Backing by a CA/Repository that meets stringent, industry-standard security audits
The term "key pair" refers to a pair of unique, mathematically related formulas that can be used to support a number of security objectives, including encryption, authentication, and non-repudiation (for digital signatures). Each half of a key pair performs a complementary function and the keys are generally referred to as the "Private Key" and the "Public Key." Key pairs bring a high level of safety to online interactions because it is "computationally infeasible" to derive one key value from the other. In simple terms, this means it would take too much computation power and time to breach the security of a key pair.
The Private Key is normally used to encrypt data - which means to transform it into an unreadable code if the key is being used for security encryption, or to create a hash value for the document. The encryption key is always kept private.
The Public Key is used to decrypt the materials encrypted with the Private Key, that is, to return the data to its original form. The Public Key is often embedded within a digitally signed or encrypted document.
Key pairs are implemented differently, depending on the purpose for which they are used, and these differences are based on the possible results and liabilities if the Private Key is lost or compromised.
In the case of a key pair used for encryption, loss of the keys could render a document unreadable, which is why a backup copy of encryption keys is frequently kept in escrow to protect access to stored data.
Key pairs used to digitally sign documents are usually stored on hardware tokens - like smart cards or USB keys - so they are always in the physical control of the person who will use them. Escrow copies of signing key pairs are not usually kept; if a key is compromised or lost, the underlying certificate is revoked and a new certificate and key pair are issued.
A hash function is an algorithm applied to a document or file that results in a coded representation of the document. Hashing is always a one-way operation; it is not possible to "reverse engineer" the hash function by analysing the hashed values. Also, the complexity of the hash function is such that you will never receive the same hash value from two different inputs.
A file run through a particular hash function will always produce the same hash value. This means that any change to a file - even to a single character or space - will change the resulting hash value. Since applying the private key to the hash value creates a digital signature, validating a digital signature on a document proves both that the signature is valid and that the document has not been altered in any way since it was signed.
A digital signature - when used in conjunction with a digital certificate issued based on face-to-face identity vetting and a token-based key pair - provides the authentication function of an ink signature plus message integrity equal to that of a signature on paper. Therefore, legislation and business practice increasingly accept that an electronic document with a valid digital signature carries the same legal weight as a hardcopy document with a "wet signature."
Any document bearing a digital signature can be forwarded or stored electronically. If the document is altered or amended in any way, the change will alter the hash value on which the digital signature is based and thus invalidate the signature.
The person who receives an electronic document and needs to rely on the signature should verify the signature upon receipt. To verify the signature, the recipient must have access to the same hash function as the signer and to the signer's public key to decrypt the hash value.
The most reliable validation method for digital signatures - and the one that ID Certify uses - is based on Online Certificate Status Protocol (OCSP). OCSP allows you to check not only the validity of the digital signature but also the status of the underlying digital certificate in real-time.
Online Certificate Status Protocol provides a "real-time" way to check the status of an X.509v3 digital certificate. Much like a merchant is able to check the status of a credit card over a dial-up connection to the issuing bank, OCSP is a way for the validation software to query the repository in which a digital certificate is stored using an Internet connection. The OCSP software establishes a connection with the repository and obtains the current status of the digital certificate. The software then displays the certificate status and appends it to the digital signature.
Recipients of digitally signed documents need to be able to trust and verify the provenance of the signatures they receive; they need to know if the document was really signed by the person whose signature appears and that the document wasn't altered in any way after it was signed.
A Certification Authority (CA) is a trusted third party capable of issuing and managing the digital certificates and public keys used to create digital signatures. While it is possible for a large company to set up an in-house CA, most find the logistic, legal and audit considerations prohibitive and turn instead to an out-sourced CA. A trusted third-party can provide all CA functions as a neutral party.
A repository is an online database of certificates. When the recipient of a digitally signed document validates the signature, the validation software contacts the Repository (using OCSP) and validates the signature against the certificate and private key stored there. There is generally a fee associated with a repository lookup.
Certificates sometimes need to be revoked or suspended, and the Certification Authority (CA) is responsible for keeping the stored certificate up to date.
Certificates may be revoked because:
- The information on the certificate is outdated
- A smart card or other token holding a certificate and private signing key has been lost
- A subscriber's password has been compromised
Each time the recipient of a digitally signed document relies on a digital certificate, that certificate should be validated with the issuing CA. Some Certification Authorities (CAs) communicate invalid certificates using Certificate Revocation Lists (CRLs). If a certificate is not on the list, then it is considered valid. The drawback of relying on CRLs for high-value transactions is that you may not know how often lists are updated and how they are distributed; there could be a critical time lag before a certificate's status is changed from valid to revoked using the CRL approach. An alternative to CRLs is Online Certificate Status Protocol (OCSP). OCSP provides a single point for checking the status of certificates across organisations and in real-time and eliminates the distribution concerns inherent in CRLs.
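The time lag described above, as an added example that is not part of the original page. It is a simplified model of the two status checks, not the CRL or OCSP wire formats; the serial numbers, timeline and function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)      # constructed timeline

# Constructed CA records: serial -> time of revocation (None = not revoked).
CA_RECORDS = {"01": None, "02": T0 + timedelta(hours=1)}


def publish_crl(records, issued_at, lifetime=timedelta(hours=24)):
    """Snapshot of the serials the CA had revoked when the list was issued."""
    revoked = {s for s, t in records.items() if t is not None and t <= issued_at}
    return {"this_update": issued_at, "next_update": issued_at + lifetime,
            "revoked": revoked}


def crl_status(serial, crl, now):
    """Status from a cached CRL; a list outside its validity window gives
    no answer, so the caller can fail closed instead of assuming 'good'."""
    if not crl["this_update"] <= now <= crl["next_update"]:
        return "unknown"
    return "revoked" if serial in crl["revoked"] else "good"


def online_status(serial, records, now):
    """Status from a live lookup against the CA's current records (OCSP-style)."""
    if serial not in records:
        return "unknown"
    revoked_at = records[serial]
    return "revoked" if revoked_at is not None and revoked_at <= now else "good"


def accept_signature(status):
    """Relying-party policy: only an explicit 'good' is acceptable."""
    return status == "good"


def lag_demo() -> dict:
    """Serial 02 is revoked one hour after the first CRL is published."""
    at = lambda hours: T0 + timedelta(hours=hours)
    crl = publish_crl(CA_RECORDS, at(0))            # issued before the revocation
    return {
        "crl_at_2h": crl_status("02", crl, at(2)),  # stale answer from the list
        "online_at_2h": online_status("02", CA_RECORDS, at(2)),
        "expired_crl_at_25h": crl_status("02", crl, at(25)),
        "next_crl_at_25h": crl_status("02", publish_crl(CA_RECORDS, at(24)), at(25)),
    }
```

Between the revocation and the next list, the cached CRL still reports the certificate as good while the live lookup reports it revoked; that window is the lag the paragraph warns about.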
A Certification Practice Statement (CPS) serves as a disclosure statement and is intended to notify third parties who will rely upon a digital signature of the Certification Authority's policies and practices. A typical CPS might include information on a CA's identification, authentication, and key management policies. It would also contain security and operations policies, legal provisions, certificate and CRL profiles and other useful policy information. Each Certification Practice Statement is unique to the organisation that prepares it. You should review and evaluate a CA's CPS to determine if the CA provides the security required to support a reliable digital certificate.