In digital signatures we trust - Our Back Pages - Technology Information - Column

Software Magazine, Jan, 1997 by Jahan Moreh

Every business and legal transaction -- from cashing a check to buying a car, from renting a house to buying real estate requires that the parties involved establish trust. Today, we rely on a well-accepted set of steps to establish that trust.

Recently, people have begun to consider using the Internet for conducting business -- real business, not just browsing a brochure and calling an 800 number to order a product. Real business on the Net, however, requires an infrastructure that enables people or businesses engaging in a transaction to trust one another, just as you and your bank do when you cash a check. The infrastructure must ensure that you can't deny that you've engaged in a transaction after doing so voluntarily, and that the legal system will hold all parties responsible for their actions.

To create such an infrastructure, the following issues must be addressed:

* Anonymity of users. On the Internet, everyone is anonymous. Once two parties decide to engage in a business transaction, each must be able to authenticate the other's identity.

* Protection against forgery. Once a party signs a transaction, it should be very difficult to change that transaction. If you offer to sell me 500 shares of stock at $13 a share and sign the offer, no one should be able to alter it.

* Non-repudiation. Once a party signs a transaction, it should be very difficult to deny being a party to it. If you offer to sell me 500 shares of stock at $13 a share and sign this offer, you should not be able to deny making the offer.

* Support of the legal system. The legal system must recognize and support all aspects of electronic commerce. For example, a digital signature must stand in a court of law as strongly as a notarized signature on a document.

Interestingly, the technology to create an infrastructure that addresses these needs has existed for close to two decades. The technology is based on public key cryptography. Here's how it works. Everyone in the world of electronic commerce possesses two related keys: a private signature key and a public verification key. The signature key is known only to the key's owner, while the verification key should be made available to everyone. The two are related in that a message encrypted with the private key can be decrypted only with the public key.

The fact that you can decrypt a message from me with my public verification key means that I encrypted with my private signature key -- which only I possess. So, if you trust that the public verification key belongs to me, you know that the message came from me.

The two most commonly used cryptographic algorithms for applying and verifying digital signatures are DSA (Digital Signature Algorithm) and RSA (Rivest-Shamir-Adleman).

Authority Figure

If I publicize my public verification key, how do you know the key actually belongs to me? The question is one of tying a person's identity to his or her signature. If I sign a check in a department store, the store may require me to show an ID issued by a trusted third party and bearing my signature -- for example, a driver's license. Here, the Department of Motor Vehicles (DMV) is the trusted third party.

In the digital world, a trusted authority, known as a Certification Authority or CA, certifies the public verification key of every individual and issues "digital certificates." To publicize your public verification key -- thus making it possible for people you have not previously met to ascertain your identity you make your digital certificate publicly available.

Interestingly, the CA itself takes advantage of the same technology for certifying public keys. That is, the CA applies its private signature key to the "message" consisting of your name and your public key. Because everyone possesses and trusts the CA's public verification key, you can apply the CA's public verification key to my digital certificate and retrieve my public verification key from it. I can do the same if I have your digital certificate. After we possess each other's public key, we can engage in secure and non-repudiable transactions.

What if someone steals your digital certificate? Unlike physical IDs, a stolen digital certificate is useless. The digital certificate simply vouches for a public verification key whose counterpart -- the private signature key -- you possess. A stolen digital certificate is no good without knowledge of the private signature key.

So, what if someone steals your private signature key? Then you're in trouble, because whoever possesses your private key can forge your signature for as long as the digital certificate remains valid. When a private signature key is compromised, you must notify the CA so it can revoke the certificate -- just as you'd notify your credit card company if your credit card were stolen. The CA maintains a Certificate Revocation List (CRL), which is like the credit-card hot list vendors check before honoring your card.

And what if someone steals the CA's private key? Then everyone's in trouble -- big trouble. This is analogous to stealing the seal of a government and issuing passports bearing that seal. To remedy the problem, you have to change the CA's private signature key. For these reasons, protecting private signature keys is much more important than protecting a password, and people often use tamper-proof or tamper-resistant hardware devices called smart cards to store the private key.