
Technical and legislative aspects regarding the digital signature.


The high performance reached by information technology in recent years, together with its decreasing cost, has made it possible to present, manipulate and archive documents increasingly in electronic format. In this process, an essential role is played by the digital signature (NIST, 1994), the instrument through which the content of an electronic document and its issuer are authenticated in an almost infallible manner.


The digital signature is implemented using cryptographic methods with two keys, a private key and a public key, following the concept introduced by Diffie and Hellman of Stanford University (Diffie & Hellman, 1976). The first key must be kept strictly secret, which is why it is known only to its owner and is named the private key (PRIV). The second key, on the other hand, is made public, which is why it is called the public key (PUB). Both keys are in fact strings of bits, generated by a special program. While the public key can be distributed anywhere in the world, the private key must be kept in a safe place. That is why the private key is usually stored on a secured cryptographic device (etoken or smart card, which can be accessed only by entering a password, the PIN code) and cannot be extracted from this device in a comprehensible form, but only as a cryptogram. The public key is included in a digital certificate, which is also stored on the secured cryptographic device. The certificate may be exported and published on the Internet because it does not contain confidential information.


The existing implementations of digital signature systems most often use the following cryptographic algorithms:

* MD2 and MD5 ("Message Digest") (Wang & Yu, 2005), created by Ronald Rivest, and SHA ("Secure Hash Algorithm"), created by the USA Standards Institute for digital signature (NIST, 2002), all used for extracting the digest;

* RSA, created by Rivest, Shamir and Adleman (Rivest et al., 1978), El Gamal (El Gamal, 1985) and DSA ("Digital Signature Algorithm") (NIST, 1994), all used for encrypting / decrypting the digest.


In practical implementations, the public key algorithms are often inefficient and slow. To reduce the time needed, a digest of the document is computed with a hash function (Fig. 1).

Signing document M (Fig. 1) involves the following actions (Patriciu et al., 2001):

* the digest D of the document M is computed with the help of a hash function (SHA1, SHA2, MD2, MD5);

* the document digest is ciphered with the private key of the releaser (which is stored on a secured device), and a cryptogram S is obtained, which represents the digital signature and is attached to the document M;

* the digital certificate which contains the public key is attached to document M, an operation which allows the verification, respectively the validation, of the signature.

The encryption algorithms have great cryptographic complexity, generally based on complex mathematical operations with huge numbers (hundreds of decimal digits or thousands of bits).

The digital signature protocol guarantees that (Patriciu & Ene-Pietrosanu, 2001):

a. the signature is authentic, because it can be verified only with the public key of the releaser;

b. the signature cannot be forged, because only the releaser knows his own secret key;

c. the signature is not reusable, because it depends on the content of the document which is encrypted;

d. the signature is not alterable, because any alteration of the content of the document results in the fact that the signature cannot be validated with the public key of the releaser;

e. the signature is not repudiable, because the only one who had the necessary instruments to sign is the releaser, and that is why the verification / validation process, which takes place at the recipient, does not even involve the releaser.



The signature is checked in 3 steps (Fig. 2) (Patriciu et al., 2001):

* a new digest of the alleged signed document is created;

* the signed digest is decrypted with the public key of the releaser;

* the 2 digests are compared, and if they coincide the signature is validated.
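The signing actions and the three checking steps above, as an added example that is not code from the paper. It assumes SHA-256 as the hash (a SHA2 member, rather than MD5, whose weakness the cited Wang & Yu paper covers), a constructed toy RSA key built from two Mersenne primes, and raw unpadded RSA on the digest exactly as the text describes it; deployed systems additionally pad the digest and keep the private exponent on the secured device. All function and variable names are hypothetical.

```python
import hashlib

# Constructed toy key pair: two Mersenne primes keep the example offline and
# deterministic. Real keys use random primes generated on the secured device.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent; PUB = (N, E)
D_PRIV = pow(E, -1, (P - 1) * (Q - 1))     # private exponent; PRIV = (N, D_PRIV)


def digest(document: bytes) -> int:
    """First step of both signing and checking: digest D of document M."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> int:
    """Cipher the digest with the private key; the result is the signature S."""
    return pow(digest(document), D_PRIV, N)


def verify(document: bytes, signature: int) -> bool:
    """Recompute the digest, recover the signed digest with PUB, compare."""
    if not 0 <= signature < N:             # reject values outside the modulus
        return False
    return pow(signature, E, N) == digest(document)


def demo() -> dict:
    m = b"Discharge summary, patient 0001 (constructed sample)"
    s = sign(m)
    return {
        "valid": verify(m, s),                                    # untouched M and S
        "altered_document": verify(m + b" amended", s),           # property d
        "altered_signature": verify(m, s ^ 1),                    # one bit of S flipped
        "reused_on_other_document": verify(b"Another document", s),  # property c
    }


if __name__ == "__main__":
    print(demo())
```
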


The pair of keys can be used not only to sign and check the signature, but also to ensure the confidentiality of the documents. If a signatory X desires to send a confidential document to a signatory Y, signatory X may encrypt the document using the public key of signatory Y. In this way, only signatory Y will be able to decrypt the document with the help of his private key.


A series of documents regulate, from a legislative perspective, the digital signature concept and the way it is used in the EU (EP & EC, 2000).

The Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures (EP & EC, 2000) introduces the following fundamental definitions:

The digital signature represents data in an electronic format, which are attached or logically associated with other electronic data and which serve as an authentication method.

The extended digital signature represents the digital signature which fulfills all of the following conditions:

a) it is linked in a unique manner to the signatory

b) it ensures the identification of the signatory

c) it is created through means exclusively controlled by the signatory

d) it is linked to the electronic data that it is related to, in such a manner that any subsequent modification of these data can be identified.

A signatory is a person who possesses a device which creates the digital signature and who acts for himself or as a representative of a third party.

Digital signature creation data are any electronic data with a unique character, such as codes, or private cryptographic keys, which are used by the signatory to create a digital signature.

A digital signature creation device is a configured software and / or hardware, used for the implementation of the data necessary for the creation of the digital signature.

A secured digital signature creation device is the device that creates the digital signature which fulfills all the following conditions:

a) the data for the creation of the signature, used to generate it, must appear only once and their confidentiality must be ensured

b) the data necessary for the creation of the digital signature, used to generate it, must not be inferred

c) the signature must be protected against forgery by the technical instruments available at the time it is generated

d) the data for the creation of the digital signature must be effectively protected by the signatory against being used by unauthorized persons

e) it must not alter the data to be signed or prevent such data from being presented to the signatory prior to the signature process.

Digital signature verification data are electronic data, such as codes or public cryptographic keys, which are used with the purpose of checking/verifying a digital signature.

A digital signature verification device is a configured software and / or hardware, used for the implementation of the data needed for the checking of the digital signature.

A digital certificate is a collection of electronic data which attest the link between the data used for the verification of the digital signature and a person confirming the identity of that person.


The digital signature has the following attributes: it is authentic, it cannot be forged, it is not reusable, it is not alterable and it is not repudiable.

The digital signature offers many advantages and can be used in a wide range of applications, being able to substitute the handwritten signature in any domain. This solution eliminates hard copies and ensures important time reductions, allowing remote transactions between individuals and / or institutions.

The digital signature also guarantees that no text was added or changed in the document after it was signed. This cannot be guaranteed when using the handwritten signature.

This paper presents a systematic description of the technical and legislative aspects regarding the digital signature, based on the authors' practical experience in implementing the digital signature in hospitals and territorial work inspectorates from several counties of Romania.


Diffie, W. & Hellman, M. (1976). New directions in cryptography, IEEE Transactions on Information Theory, Vol. 22 (Nov. 1976), pp. 644-654, ISSN 0018-9448

El Gamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Transactions on Information Theory, Vol. 31 (Jul. 1985), pp. 469-472, ISSN 0018-9448

EP--The European Parliament and the EC--European Council (2000). Directive 1999/93/EC, a community framework for electronic signatures, Official Journal of the European Communities (Jan. 2000), pp. 12-20

NIST--National Institute of Standards and Technology (1994). Announcing the Standard for Digital Signature Standard (DSS), FIPS 186 (1994)

NIST--National Institute of Standards and Technology (2002). Announcing the Secure Hash Standard, FIPS 180-2 (2002)

Patriciu, V.V.; Ene-Pietrosanu, M.; Bica, I.; Vaduva, C. & Voicu, N. (2001). Security of electronic commerce, Bic All, ISBN 973-571-325-X, Romania

Patriciu, V.V. & Ene-Pietrosanu, M. (2001). New technologies regarding the Internet's security, Revista Informatica Economica, Nr 1 (17), (2001), pp. 60-68

Rivest, R.; Shamir, A. & Adleman, L. (1978). A method for obtaining digital signatures and public key cryptosystems, Communications of the ACM, Vol. 21 (Feb. 1978), pp. 120-126, ISSN 0001-0782

Wang, X. & Yu, H. (2005). How to Break MD5 and Other Hash Functions, Advances in Cryptology--EUROCRYPT, Vol. 3494/2005, pp. 19-35, ISSN 0302-9743
COPYRIGHT 2008 DAAAM International Vienna
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2008 Gale, Cengage Learning. All rights reserved.

Article Details
Author:Robu, Raul; Voisan, Emil; Ungureanu, Dan
Publication:Annals of DAAAM & Proceedings
Date:Jan 1, 2008