International Journal of Computer Applications (0975 – 8887)
Volume 29 – No.2, September 2011

Easing PAIN with Digital Signatures

M. Tariq Banday
P.G. Department of Electronics and Instrumentation Technology
University of Kashmir, India

ABSTRACT

Different forms of encryption techniques are used to ensure privacy of data transmitted over the Internet. A digital signature, which uses Public Key Encryption (PKE), ensures privacy of conversation, integrity of data, authenticity of sender and non-repudiation of sender. Several applications on desktops, mobiles and other devices use it to secure the data of various applications and services and to secure access to devices. A digital signature exists as a file on a storage device or is embedded in a hardware device. Digital signature certificates are digital signatures that are signed by a third-party certifying authority. This paper describes the working of digital signatures through illustrations and explains the various procedures and algorithms involved in signing data with a digital signature. It introduces an open source software tool that can be used to study the processes, procedures and algorithms used in digital signatures. It also presents information about the different types of digital signature certificates currently available, the file formats used therein and the programming support for digital signatures in .NET languages. Further, it presents an excerpt of the digital signature scenario in the Indian Government.

General Terms

Encryption, Hashing, PAIN, Public Key Encryption, PKI, Authentication, Privacy, Information Security, PKI in India.

Keywords

Digital Signature, Digital Signature Certificate, Public Key, Private Key, Electronic Signature, Privacy and Authentication.

1. INTRODUCTION

With the advent of digital storage and communication technologies, the entire spectrum of storage and communication systems has been revolutionized, as digital information can be easily stored, copied, changed and transported [1].
These desirable properties of digital information are very useful, but because digital data can be modified easily and almost undetectably, they have raised several security concerns. Therefore, digital data is regarded as unreliable in areas where privacy, authentication, and integrity of data are of concern unless some security procedure is attached to it. There are areas such as contracts, receipts, approvals and the like where users have severe and genuine concerns about unauthorized modification or disclosure of data. Hand signatures don't change this situation, because it is easy to transfer a hand signature from one digitized document to another or to modify a digitized document that is hand signed. The risk of data misuse has increased manyfold with the advent of networking and wireless communication, as many users can gain access to the data if it is not secured. The solution to all these issues is the digital signature [2]. A digital signature is not a digitized hand signature, but a special kind of check-sum. Secret information ensures that a digital signature cannot be forged, while public information enables the verification of the signature. A digital signature ensures prevention of unauthorized access to data while ensuring accurate authentication of data without interference. Digital signatures are currently used in various application domains [2], which include:

i) Government: filing tax returns online by taxpayers, citizen ID cards, issuing forms and licenses, reservations and ticketing;
ii) Banking: inter/intra bank messaging systems, corporate Internet banking applications;
iii) Financial Services/Broking: online trading, electronic contract notes;
iv) B2B: online tendering, e-Procurement;
v) Healthcare: healthcare management systems, electronic medical recording, electronic prescriptions and many others.

The remainder of this paper is organized as follows: Section 2 briefly describes privacy, authentication, integrity and non-repudiation.
Section 3 introduces encryption, and Section 4 illustrates the functioning of Public Key Infrastructure (PKI). That section also illustrates the steps involved in digital signatures and certificates. Section 5 lists various encryption and signing algorithms. Section 6 introduces CrypTool and presents .NET programming language support for digital signatures. It also lists various types of digital signatures, file formats and companies providing digital signatures. Section 7 gives an excerpt of the digital signature scenario in the Indian Government, which is followed by the conclusion.

2. PAIN

PAIN collectively refers to Privacy, Authentication, Integrity and Non-repudiation, the four key factors in achieving information security [3]. Privacy, also called confidentiality, guarantees non-disclosure of information to unauthorized persons. Authentication ensures that the document or software is genuine. Integrity as a concept means that there is resistance to alteration or substitution of data, and/or that such changes are detected and provable. The information should not be changed except by an authorized agent. Non-repudiation is a security service that prevents a party from falsely denying that it was the source of data that it did indeed create.

2.1 Privacy

Privacy is the right of individuals to control or influence what information related to them may be collected and stored, by whom, and to whom that information may be disclosed. Privacy guarantees the prevention of unauthorized access and manipulation of data. It means that a transaction between businesses cannot be viewed or interfered with by an outside party.

2.2 Authentication

Authentication is the security process that validates the identity of a communicating party. In the simplest implementation, this takes the form of a password. Passwords can be easily compromised through indiscretion and typically do not address who is entering the password. Another variant of authentication is known as strong authentication.
In this implementation, authentication is provided by a digital signature which is an