This article concerns cryptographic signatures. For signatures in digital form, see electronic signature. In cryptography, a digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. Digital signature schemes normally give two algorithms, one for signing which involves the user's secret or private key, and one for verifying signatures which involves the user's public key. The output of the signature process is called the "digital signature."

Digital signatures, like written signatures, are used to provide authentication of the associated input, usually called a "message." Messages may be anything, from electronic mail to a contract, or even a message sent in a more complicated cryptographic protocol. Digital signatures are used to create public key infrastructure (PKI) schemes in which a user's public key (whether for public-key encryption, digital signatures, or any other purpose) is tied to a user by a digital identity certificate issued by a certificate authority. PKI schemes attempt to unbreakably bind user information (name, address, phone number, etc.) to a public key, so that public keys can be used as a form of identification.

Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature[1], but not all electronic signatures use digital signatures.[2][3][4][5] In some countries, including the United States, and in the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear their applicability towards cryptographic digital signatures, leaving their legal importance somewhat unspecified.

Additional security precautions

Putting the private key on a smart card

All public key / private key cryptosystems depend entirely on keeping the private key secret. A private key can be stored on a user's computer, and protected by, for instance, a local password, but this has two disadvantages:

• the user can only sign documents on that particular computer and
• the security of the private key completely depends on the security of the computer, which is notoriously unreliable for many PCs and operating systems.

A more secure alternative is to store the private key on a smart card. Many smart cards are deliberately designed to be tamper resistant (however, quite a few designs have been broken, notably by Ross Anderson and his students). In a typical implementation, the hash calculated from the document is sent to the smart card, whose CPU encrypts the hash using the stored private key of the user and returns it. Typically, a user must activate his smart card by entering a personal identification number or PIN code (thus providing a two-factor authentication). Note that it can be sensibly arranged (but is not always done) that the private key never leaves the smart card. If the smart card is stolen, the thief will still need the PIN code to generate a digital signature. This reduces the security of the scheme to that of the PIN system, but is nevertheless more secure than are many PCs.

Using smart card readers with a separate keyboard

Entering a PIN code to activate the smart card, commonly requires a numeric keypad. Some card readers have their own numeric keypad. This is safer than using a card reader integrated into a PC, and then entering the PIN using that computer's keyboard. The computer might be running a keystroke logger (by its owner/operators intention or otherwise -- due to a virus, for instance) so that the PIN code becomes compromised. Specialized card readers are less vulnerable, though not invulnerable, against tampering with their software or hardware. And, of course, eavesdropping attacks against all such equipment are possible.

Other smart card designs

Smart card design is an active field, and there are smart card schemes which are intended to avoid these particular problems, though so far with little security proofs.

Using digital signatures only with trusted applications

One of the main differences between a digital signature and a written signature is that the user does not "see" what he signs. It's the application that presents a hash code to be encrypted with the private key, but in the case of a malicious application a hash code of another document might be presented so that the users thinks he is signing the document he sees on the screen but is actually unwillingly signing another (probably less favorable).

Some E-imza (e-sign) algorithms

• Full Domain Hash, RSA-PSS etc., based on RSA
• DSA
• ECDSA
• ElGamal signature scheme
• Undeniable signature
• SHA (typically SHA-1) with RSA
• Rabin signature algorithm
• Pointcheval-Stern signature algorithm
• Schnorr signature
• Aggregate signature - a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature will convince the verifier that the n users did indeed sign the n original messages

Turkey (Türkiye)

Turkey has an Electronic Signature Law since 2004. This law is stated in European Union Directive 1999/93/EC. Turkey has a Government Certificate Authority - Kamu SM for all government agents for their internal use and three independent certificate authories all of which are issuing qualified digital signatures.

• Kamu Sertifikasyon Merkezi (Governmental Certificate Authority) http://www.kamusm.gov.tr/ (Turkish)
• E-Güven (owned by Turkish Informatics Foundation) http://www.e-guven.com/ (Turkish)
• Turktrust (owned by Turkish Military Force Solidarity Foundation) http://www.turktrust.com.tr (Turkish)
• E-Tugra http://www.e-tugra.com (Turkish)

Turkey had a recent triumph in digital signatures and become the forerunner of mobile signature, that is, qualified signatures that are created using mobile phones. The leading GSM operator of Turkey, Turkcell, had developed the business model of this service for consumers first in the world.

• http://www.turkcell.com.tr/index/0,1028,400004,00.html?banner=dig_20022007_turkcellmobilimza