Digital Signatures and Electronic Signatures

Raymond R. Panko, University of Hawaii

Introduction

Background

Applicant, Verifier, and True Party

Key-Based Authentication

Threat Model

Digital Signatures

Creating the Digital Signature

Verifying the Digital Signature

Benefits and Issues

Message Authentication Codes (MACs)

Why MACs?

Creating a Message Authentication Code

Verifying the MAC

Benefits and Issues

IPsec

Other Electronic Signature Technologies

Typed Signatures and Scanned Physical Signatures

Click Agreements

Authenticated Sessions

Biometrics

None of the Above

Selecting an Electronic Signature Method

Security Requirements

Legal Goals

Suitability

Legal and Regulatory Environment

Conclusion

Glossary

Cross References

Further Reading

INTRODUCTION

When we send letters, we sign them to indicate that they are from us. When we sign contracts, we are expressing our willingness to abide by the terms of the contract. We cannot later repudiate the contract because our signature binds us. Signing is also possible in the electronic world, and it generally serves the same purposes.

There are three related terms we use in this article. An electronic signature (e-signature) is any signing method that is used with computers and networks. It is the broadest concept. It includes such things as clicking a button to indicate that we accept the terms of a program's end user licensing agreement.

More narrowly, there are two general ways to add signature blocks to outgoing messages. Digital signatures ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.