Public Key Infrastructure of Digital Signatures
Table of Contents
Public Key Infrastructure of Digital Signatures
We all must have noticed in the news reports regarding the Pegasus Software usage case which was brought before the Supreme Court of India. Just as a reference, do we know what the central issue alleged by the petitioners is? It was none other than a violation of privacy in the name of national security. So even though it is not much related to this article, cyber security was the key issue in the such allegation. Coming back to our discussion, this article will be looking into one of the topics which function on security-centric aspects such as encryption, and decryption. It deals with Public Key Infrastructure, which provides protection from cyber attacks. This article will discuss what Public Key Infrastructure is and its importance with respect to digital signatures.
Before looking into the PKI components and their relation to the digital signature, it is important to have a general understanding of the technical terms, which are a little far from common legal terms, at least in the way of understanding but are equally important. So, what are these Public Key Infrastructures (PKI) and digital signatures?
Digital Signatures:
Coming to the first term – ‘digital signatures’, the Information technology act of 2000 defines a digital signature as “authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3”.
In other words, a digital signature helps in creating an e-signature or a virtual signature that is unique for a person or any entity. With such signature, information or messages within communication in any electronic record shall be protected. These signatures are considered to be more secure in nature than other signatures. Public Key Infrastructure is the one that requires certain protocols to be followed in order to create a Digital Signature.
How does a digital signature work?
A digital signature is formed before its usage in any document. In order to form a digital signature, a definite format called Public Key Infrastructure is used. Components of PKI shall be discussed later. So, when a person signs a document through virtual form, firstly, this signature is turned into a coded form through the help of a Private key associated with or possessed by the signer of the document. This private key forms part of PKI security and shall be unique to each signer.
When the signature is created in a coded form, it becomes encrypted.
In order to decrypt such message or document by the receiver, he or she should have the public key, which will be available for every digital signature. If the document is not accessible through such a public key, then it is noted that the digital signature is not the same as signed by the signer, or there must be a change in the document after signing the document. Thus, this digital signature gets invalidated as soon as it is known to be non-accessible. This is the process of creating and authenticating the digital signature in which the PKI system or policies will be used as a prior requirement of authentication.
What is Public key Infrastructure?
Secondly, as the term suggests – Public key infrastructure, in simple terms, offers a way of protection for communicating parties and develops a kind of trust, which is required in the current tech world for the purpose of securing their identity and their websites, etc.? It contains various components, which will be looked at in the following sections of this article. In technical terms, Public key infrastructure contains encryption policies and the framework as part of it in order to secure the nature of communications between one website and the user of such website.
Let us assume that Mr. A has an online website or blog which contains the PKI infrastructure, and it shall verify the authenticity of the user’s identity in order to provide him with the information. This verification is for the purpose of knowing whether the user tries to hack the website or degrades the communication etc. – basically to authenticate the user’s identity.
Components of Public Key Infrastructure:
There are two main components or requirements that form part of Public Key Infrastructure. They are; first, a Digital Certificate and secondly a certifying authority – look into public and private keys.
Firstly, a digital certificate acts as a license or a passport to identify any entity or an organization. It is merely an electronic document containing a public key in it.
However, why should a certificate contain a public key? As mentioned under Digital signature, a public key helps in the decryption of a document or message sent by a digital signer to a receiver. Public Key infrastructure does not function without certification from authority. So, any digital certificate helps to identify a particular identity or organization and secures all communications between the parties, as it serves as part of PKI. Who certifies such necessary certificates?
There are two bodies or entities that certify and check the digital certificates. They are 1) Certifying Authority (CA) and 2) registration authority.
On the one hand, certifying authority verifies the authenticity of entities that require the certificate. If a website requires a digital certificate, certifying authority steps in to authenticate the communications between the servers and users.
Similar to a government issuing an identity, Certifying authority (CA) looks into and certifies the entity.
On the other hand, the Registration Authority shall perform the function to provide the certificate on direction from the Certifying Authority.
Conclusion:
One of the significant purposes that a Digital signature does is the authentication and further protection to parties in entering the cyber technology. With PKI-backed security, it is noted that cyber frauds and forgeries have reduced and continue to reduce. The authenticity of every document which is signed digitally has been improved and retained through such technology. Current legal recognition of digital signatures under the Information technology act also ensures that future electronic transactions between the parties in India shall be properly enforced even on digital platforms.
