Digital Signature

18. In the illustration, Mr Blank creates and digitally signs the ordering document. The following paragraphs and diagrams explain that process, which is largely carried out by computer, unseen by the signatory. If the document is signed and stored but not sent anywhere, then a person who later wishes to verify the digital signature of the stored document would carry out the same processes as the receiver of the sent electronic document.

19. Public key or dual key cryptography uses mathematical calculations carried out and applied by computers. There are two stages to creating a digital signature. The first stage is to use a mathematical process to make a summary of the document or information to be signed. The summary is a meaningless series of numbers, letters and symbols which is much shorter than the document itself, although its content depends on the document. The mathematical process used for summarising the document is one of a number of processes which are widely known and used for this purpose. It is highly improbable that two different documents would give the same summary. Whenever the same mathematical process is used it will produce the same resulting summary.

20. The second stage is to encrypt that summary of the document. The method of encrypting the summary is as follows. Mr Blank’s “private key” is known only to Mr Blank. The key is a unique set of information held on the smart card. Using that information the computer alone or in combination with the card then performs a mathematical process which encrypts the summary of the document. Mr Blank sends the encrypted summary with the plain text of the document and Signicorp’s certificate which contains Mr Blank’s public key and has been signed by Signicorp. If confidentiality is required the text of the message will also be encrypted. This is explained under the heading of “Confidentiality” below.

21. The “public key” is the counterpart of Mr Blank’s “private key” in the key pair. It will only decrypt what Mr Blank’s private key has encrypted, and on the present state of mathematical knowledge, it is computationally infeasible to calculate the private key from the public key.

[Diagram: Sender signs an electronic document. Stage 1: a mathematical process turns the document into a summary of the document. Stage 2: the sender's private key turns the summary into an encrypted summary of the document. Sent: the document, the encrypted summary of the document, and the certificate, which includes the sender's public key, with the encrypted summary of the certificate.]

22. The computer used by Dream Ltd, the receiver, creates a new summary of the plain text of the document using the same mathematical process as was used at the first stage by the sender. Dream Ltd’s computer identifies the mathematical process to use to create the summary of the text of the document from information that accompanies the document. Using Mr Blank’s “public key”, Dream Ltd’s computer decrypts the encrypted summary sent by Mr Blank and compares the two summaries. If they are identical, it is proved that the document was signed using the private key which corresponds to the public key owned by Mr Blank. It is also proved that the document has not been altered since it was signed. The two summaries would not be the same if there had been any such alteration (see diagram below).

23. The comparison of the two summaries demonstrates which private key was used to sign the document but does not prove that the key belongs to Mr Blank. That is why it is necessary to have a certificate to identify a person with the public key of a key pair.
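
The signing and verification steps of paragraphs 19 to 23, as an added Python example that is not part of the original text. It uses textbook RSA without padding and constructed, insecure demo primes so that the arithmetic stays visible; the function names, the order text and the allow-list of summary processes are assumptions of this example.

```python
import hashlib

E = 65537  # public exponent shared by both demo key pairs
ALLOWED = {"sha256", "sha512"}  # assumption: summary processes the receiver accepts

def make_key_pair(p, q):
    """Return (public_key, private_key) for textbook RSA built from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def summarise(document, algorithm="sha256"):
    """Stage 1: fixed-length summary (hash) of the document, as an integer."""
    return int.from_bytes(hashlib.new(algorithm, document).digest(), "big")

def sign(document, private_key, algorithm="sha256"):
    """Stage 2: transform the summary with the private key and package the message."""
    n, d = private_key
    return {"document": document, "algorithm": algorithm,
            "signature": pow(summarise(document, algorithm), d, n)}

def verify(message, public_key):
    """Receiver: recompute the summary and compare it with the decrypted one."""
    if message["algorithm"] not in ALLOWED:  # the process name travels with the
        return False                         # message, so the receiver restricts it
    n, e = public_key
    fresh = summarise(message["document"], message["algorithm"])
    return pow(message["signature"], e, n) == fresh

# Constructed demo keys (assumption): Mersenne primes, trivially factorable, NOT secure.
BLANK_PUB, BLANK_PRIV = make_key_pair(2**127 - 1, 2**521 - 1)
OTHER_PUB, OTHER_PRIV = make_key_pair(2**89 - 1, 2**607 - 1)

def demo():
    order = b"Order 100 widgets for delivery to Dream Ltd"  # constructed sample
    msg = sign(order, BLANK_PRIV)
    altered = dict(msg, document=order.replace(b"100", b"900"))
    other = sign(order, OTHER_PRIV)  # same text signed with a different private key
    return {
        "genuine": verify(msg, BLANK_PUB),        # summaries match
        "altered": verify(altered, BLANK_PUB),    # document changed after signing
        "wrong_key": verify(other, BLANK_PUB),    # not signed by Mr Blank's key
        "other_key_own_pub": verify(other, OTHER_PUB),  # valid, but for whose key?
    }

if __name__ == "__main__":
    print(demo())
```

The last result is the point of paragraph 23: the arithmetic accepts any matching key pair, so only the certificate ties the public key to Mr Blank.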



© Crown copyright 2002