
Digital Signature, talking about latest legal XML papers and new secure electronic software solutions articles.
Digital Signature - A cryptographic process of encrypting a document digest using the signer's private key, which provides for document integrity and non-repudiation. Most of the time, people not familiar with PKI technology confuse digital signature with electronic signature, which is a superset that includes Digital Signature in addition to all other non-PKI-based processes which may be used to prove document integrity and/or non-repudiation.

How do publishers sign their files? Digital signatures are important because they provide end-to-end message integrity guarantees, and can also provide authentication information about the originator of a message.

In order to be most effective, the signature must be part of the application data, so that it is generated at the time the message is created, and it can be verified at the time the message is ultimately consumed and processed. SSL/TLS also provides message integrity (as well as message privacy), but it only does this while the message is in transit. Once the message has been accepted by the server, the SSL protection must be "stripped off" so that the message can be processed.
As a more subtle point, SSL only works between the communication endpoints. If I'm developing a new Web service and using a conventional HTTP server as a gateway, or if I'm communicating with a large enterprise that has SSL accelerators, the message integrity is only good up until the SSL connection is terminated. As an analogy, consider a conventional letter. If I'm sending a check to my phone company, I sign the check (the message) and put it in an envelope to get privacy and delivery. Upon receipt of the mail, the phone company removes the envelope, throws it away, and then processes the check. I could make my message be part of the envelope, such as by gluing the payment to a postcard and mailing that, but that would be foolish.

A Digital Signature would define a series of XML elements that could be embedded in, or otherwise affiliated with, any XML document. It would allow the receiver to verify that the message has not been modified from what the sender intended.
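The point about a signature that travels inside the XML document and is still checkable after the SSL connection ends, as an added example that is not code from the original page. It assumes a constructed toy key and unpadded textbook RSA over a SHA-256 digest with no XML canonicalization (a real deployment would use a padded scheme and a standard XML signature format); the element names and the `after_tls_termination` hop are hypothetical.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed toy key: two Mersenne primes, so the factors are public. Demo only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # signer's public key
D = pow(E, -1, (P - 1) * (Q - 1))        # signer's private exponent

# Constructed sample message (the "check" from the letter analogy).
SAMPLE = ("<Message><Payment><Payee>Phone Company</Payee>"
          "<Amount>42.00</Amount></Payment></Message>")

def _digest(payload):
    # Real XML signatures canonicalize first; this hashes ElementTree's output as-is.
    return int.from_bytes(hashlib.sha256(ET.tostring(payload)).digest(), "big")

def sign_document(xml_text):
    """Sender: embed a signature over <Payment> in the document itself."""
    root = ET.fromstring(xml_text)
    sig = ET.SubElement(root, "Signature")
    sig.text = format(pow(_digest(root.find("Payment")), D, N), "x")
    return ET.tostring(root, encoding="unicode")

def verify_document(xml_text):
    """Consumer: recompute the digest and compare it with the signed one."""
    root = ET.fromstring(xml_text)
    payload, sig = root.find("Payment"), root.find("Signature")
    if payload is None or sig is None or not sig.text:
        return False                     # unsigned messages are rejected
    try:
        value = int(sig.text, 16)
    except ValueError:
        return False                     # signature value is not hex
    return pow(value, E, N) == _digest(payload)

def after_tls_termination(xml_text, modified=False):
    """Hypothetical hop past the SSL endpoint, where the message is plaintext."""
    if modified:
        return xml_text.replace("<Amount>42.00", "<Amount>9042.00")
    return xml_text

if __name__ == "__main__":
    signed = sign_document(SAMPLE)
    print(verify_document(after_tls_termination(signed)))
    print(verify_document(after_tls_termination(signed, modified=True)))
```

The transport layer never appears in the check: the consumer needs only the document and the signer's public key, which is why the guarantee holds past the gateway.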