Security Tip (ST04-018)

Original release date: December 17, 2009 | Last revised: August 24, 2020

The terms digital signature and electronic signature are sometimes confused or used interchangeably. While digital signatures are a form of electronic signature, not all electronic signatures are digital signatures. Electronic signatures—also called e-signatures—are any sound, symbol, or process that shows the intent to sign something. This could be a scan of your hand-written signature, a stamp, or a recorded verbal confirmation. An electronic signature could even be your typed name on the signature line of a document.

A digital signature—a type of electronic signature—is a mathematical algorithm routinely used to validate the authenticity and integrity of a message (e.g., an email, a credit card transaction, or a digital document). Digital signatures create a virtual fingerprint that is unique to a person or entity and are used to identify users and protect information in digital messages or documents. In emails, the email content itself becomes part of the digital signature. Digital signatures are significantly more secure than other forms of electronic signatures.

Digital signatures increase the transparency of online interactions and develop trust between customers, business partners, and vendors. Familiarize yourself with the following terms to better understand how digital signatures work:
Digital signatures work by proving that a digital message or document was not modified—intentionally or unintentionally—from the time it was signed. Digital signatures do this by generating a unique hash of the message or document and encrypting it using the sender’s private key. The hash generated is unique to the message or document, and changing any part of it will completely change the hash.

Once completed, the message or digital document is digitally signed and sent to the recipient. The recipient then generates their own hash of the message or digital document and decrypts the sender’s hash (included in the original message) using the sender’s public key. The recipient compares the hash they generate against the sender’s decrypted hash; if they match, the message or digital document has not been modified and the sender is authenticated.

Why should you use PKI or PGP with digital signatures?

Using digital signatures in conjunction with PKI or PGP strengthens them and reduces the possible security issues connected to transmitting public keys by validating that the key belongs to the sender, and verifying the identity of the sender. The security of a digital signature is almost entirely dependent on how well the private key is protected. Without PGP or PKI, proving someone’s identity or revoking a compromised key is impossible; this could allow malicious actors to impersonate someone without any method of confirmation. Through the use of a trusted third party, digital signatures can be used to identify and verify individuals and ensure the integrity of the message.

As paperless, online interactions are used more widely, digital signatures can help you secure and safeguard the integrity of your data. By understanding and using digital signatures, you can better protect your information, documents, and transactions.
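
The hash, sign, and compare sequence described above, together with the reason the recipient must validate whose public key it is, as an added example that is not part of the original tip. It uses textbook RSA with constructed demo keys built from known Mersenne primes and hypothetical names (Alice, Mallory, `sign`, `verify`); production signing uses a vetted library with a padding scheme such as RSA-PSS.

```python
import hashlib

# Constructed demo keys: built from well-known Mersenne primes so the example
# runs with the standard library only. Real keys use random primes and a
# vetted library with padding (e.g. RSA-PSS). Never reuse these values.
E = 65537

def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(message: bytes) -> int:
    """SHA-256 hash of the message as an integer (the 'fingerprint')."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Sender: hash the message, then transform the hash with the private key."""
    n, d = private_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient: recover the sender's hash with the public key and compare
    it with a hash computed locally over the message as received."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)

# Hypothetical parties: Alice is the real sender, Mallory is someone else.
ALICE_PUB, ALICE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**127 - 1, 2**1279 - 1)

def demo():
    msg = b"Pay vendor 100 USD"  # constructed sample message
    sig = sign(msg, ALICE_PRIV)
    return {
        "intact": verify(msg, sig, ALICE_PUB),
        "modified": verify(b"Pay vendor 900 USD", sig, ALICE_PUB),
        "wrong_key": verify(msg, sig, MALLORY_PUB),
        # The math alone cannot say whose key this is: a signature checks out
        # against whatever key made it, so the key itself must be validated.
        "unvalidated_key": verify(msg, sign(msg, MALLORY_PRIV), MALLORY_PUB),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:16} -> {ok}")
```

The last case is the gap that PKI or PGP closes: the recipient only learns that the holder of some private key signed the message, so the public key must be tied to the sender's identity through a trusted third party.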
Which of the following refers to the protocol designed to query databases to look up and identify the registrant of a domain name?

Whois is a protocol that allows users to query databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address, or an autonomous system number. The process of a Whois Lookup is simple.

Which of the following countermeasures does not prevent footprinting of an organization's website?

Countermeasures an organization can take to thwart footprinting of the organization's Web site include all of the following except: adding unnecessary information to the Web site to throw attackers off the trail.

Which term refers to the ability to verify that information has not been altered?

Data integrity is the assurance that digital information is uncorrupted and can only be accessed or modified by those authorized to do so.

What type of encryption involves one key for both encryption and decryption?

Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic data. The entities communicating via symmetric encryption must exchange the key so that it can be used in the decryption process.