An overview of Digital Signatures, PKI

1. Digital Signature & eSign
(An Overview)
e-Hastakshar (eSign) Workshop for
Application Service Providers (ASP)
17-18 December, 2015
Rishi Pathak – C-DAC

2. Outline of Talk
• What are Digital Signatures
• Cryptographic hash functions
• Asymmetric cryptography
• PKI & DSC
• PKCS#7
• eSign

3. Introduction
• Digital Signatures are synonymous to
handwritten signature or stamped seal
• Mathematical technique for validating
– Authenticity and integrity of a message, software
or digital document
• Gained legal validity as per Indian IT Act 2000

4. Paper Signatures v/s Digital Signatures
Properties Paper Electronic
Authenticity May be forged Cannot be copied
Integrity Signature independent of
the document
Signature depends on the
contents of the document
Non-repudiation • Handwriting expert
needed
• Error prone
• Any computer user
• Error free

5. PKCS & X509 Standards
• PKCS 1 :
– Properties and format of RSA key pairs
– Algorithms for encryption/decryption, signing/verification
• PKCS 7
– Cryptographic Message Syntax (CMS) Standard
• PKCS 10
– Certificate Signing Request (CSR) Syntax Standard
• PKCS 9 : Extended attributes for CMS and CSR
– Signing Time, NONCE, Sequence, Counter Signature
– DOB, Certificate Extensions, Name, Gender, Name & Address etc.
• X509 version 3 and 2 :
– Digital Signature Certificate(DSC), Certificate Revocation List(CRL)
• PKCS 11 : Cryptographic Token Interface Standard
– An API for signing and verifying data by a device that holds the key
(Hardware Tokens, HSM)

6. Associations in Digital Signature
• Document content :: Hash (Digital fingerprint)
• Hash :: Private key (Secret)
• Private key :: Public key (Known to everyone)
• Public key :: Certificate (Identity)
• Certificate :: CA (Trusted third party)
• CA :: RCAI (Root Certificate Authority of INDIA)

7. Building Blocks
• Cryptographic hash functions
– Integrity
• Asymmetric cryptography
– Authentication
• PKI (Public Key Infrastructure)
– Identity
– Non repudiation

8. Cryptographic Hash Functions
• Uniquely maps data of arbitrary size onto a fixed length
string
• Iterative one way compression
• Use cases : password, hash tables, caches, finding
duplicate records etc.
• Uses in cryptography - HMAC & Digital Signatures
• Properties
– Pre-image resistance : Infeasible to generate a message
from its hash
– Second pre-image resistance : Given a hash, difficult to
find another message with same hash
– Collision resistance : No two different messages with same
hash

9. Symmetric Cryptography
• Same key is used for
encryption and decryption
• Challenge
– Key distribution
– Key management
• Non Repudiation ?

10. Public Key Cryptography
• Employs asymmetric(mathematically related)
keys(key pairs) for encryption and decryption
• RSA, DSA, ECDSA
• Key used to encrypt differs from key to be
used for decryption
• Encryption using Public key
• Signing using Private key

11. Public Key Cryptography
• Strength lies in computational impracticality in
deducing Private key from Public key
• Security lies in protecting Private key
• Uses include Public key encryption and Digital
Signatures
• Computational complexity limits usage for
short messages
• Also used in hand shaking for secure exchange
of symmetric keys in SSL/TLS

12. Signing & Verification- Flow

13. Signing & Verification- Example

14. Public Key Infrastructure
• PKI – Public Key Infrastructure ecosystem is an intersection of:
• Cryptography (Math) – Cryptographers/Researchers
• Technology & Implementation – PKI System Developer
• Policy & Law – PKI System & Users

15. • Application
• Subject Authentication
• Certificate Generation
• Certificate Distribution
• Certificate Revocation
PKI - Registration/Certification

16. Certificate Authority
• Certifying authority is an entity which issues Digital Certificate
• It is a Trusted third party
• CA’s are the important characteristics of Public Key
Infrastructure (PKI)
Responsibilities of CA
• Verify the credentials of the person requesting for the
certificate (RA’s responsibility)
• Issue certificates
• Revoke certificate
• Generate and upload CRL
• Maintain & update certificate repository
• Make available Certification Practice Statement

17. PKI - India
• Strictly hierarchal trust path model
• CCA operates Root Certificate Authority of India(self signed certificate)
• Only one level of sub Certifying Authorities(max 4 certs a chain)
• Necessitates issuance of end entity certificates only through its sub-CA

18. Digital Signature Certificate
A Public Key Certificate is an electronic
document used to prove ownership of a public
key.
The certificate includes :
• Information about its owner's identity(Subject),
• Information about the key,
• The Digital Signature of an entity that has verified
the certificate's contents are correct(Issuer CA in
PKI)

19. X.509
X509 is ITU-T standard for PKI
Defines formats for:
• Digital Certificates – Version3
• CRL – Version 2
• Certificate Path Validation
• Distinguished Name

20. X.509 v3 Certificate
• Version (3)
• Serial Number
• Signature Algorithm
Identifier
• Issuer Name
• Validity Period
• Not before
• Not after
• Subject Name
• Subject Public Key
Information
• Public key algorithm
• Subject public key
• Optional Fields
• Extensions(optional)

21. C-DAC CA Certificate

22. X.509 v3 Certificate
Class of certificate : “Aadhaar-eKYC – OTP”
Mandatorily included in the Subject
Varying Pseudonym guarantees unique
Subject for same Aadhaar holder

24. X.509 v3 Extension
Associate additional information for subjects, public
keys and certificate revocation lists
• Extension type
• Extension value
• Criticality indicator
Key Usage(Critical) : Digital Signatures, Non
Repudiation
CRL distribution points
Certificate Policies
Certification Practice Statement(CPS)

26. PKCS#7
• Specifies a syntax for digital envelopes and digital
signatures
• Widely used in many applications for enveloping
and authenticating messages, and for distribution
of certificates and certificate revocation lists
• PKCS#7 Content-Type : SignedData for Digital
Signatures

27. Abstract Syntax Notation 1
1. The rules of syntax for describing the contents of a
message in terms of data type and content
sequence or structure
2. How you actually encode each data item in a
message – BER & DER(Identifier-Length-Content),
XER etc.
Age ::= INTEGER (0..7)
User ::= SEQUENCE {
name IA5String (SIZE(1..128)),
age Age,
address IA5String OPTIONAL,
}
Data Types : BOOLEAN, INTEGER, BIT STRING, OCTET STRING, NULL,
REAL, ENUMERATED, GeneralizedTime, IA5String, UTF8String
Constructors : SEQUENCE, SET

28. PKCS#7 - SignedData
Supports multiple signers/signatures

29. PKCS#7 - SignerInfos

30. PKCS#7
What is Digested and Signed
• RAW
• Hash of the message
• Does not contain information on DigestAlgorithm
• PKCS#7
• EncryptedDigest ASN1 structure
• Contains both hash & DigestAlgorithm
• AuthenticatedAttributes in case they are present

31. PKCS#7 - EncryptedDigest
ASN1 Definition of EncryptedDigest
ASN1 Parse of Decrypted EncryptedDigest

32. PKCS#7 – SigningTime
• AuthenticatedAttributes DER
encoded ASN1 structure is digested
• This forms an association of
message & signing time with the
signature
AuthenticatedAttributes include
• SigningTime
• MessageDigest and other attributes

33. PKCS#7 - Signatures Types
1. Single signature
– One signer and his/her signature on a document
2. Parallel signature
– Multiple signer and their signature on a document
3. Counter signature
– Hierarchy of signatures
– UnauthenticatedAttributes contains SignerInfos for counter signer
– Signature is on EncryptedDigest of previous signer
– Recursive in nature
Signature container may OR may not include content on which digital
signature was created
1. Attached PKCS#7 signature
2. Detached PKCS#7 signature

34. Without eSign
Subscriber :
• Application to CA for DSC (soft/hard mode)
• Key generation and safe custody(iToken, Smart card)
PKI :
• Manual verification of credentials (VA)
• Issuance & communication of DSC
Limited by :
• Not online
• Time taken for ascertaining subscribers identity
• Key management, accessibility and cost
Mass adoption and integration with services

35. eSign
Electronic Authentication Techniques & Procedure Rules, 2015
- Legal validity to authentication & eKYC using Aadhaar
eSign facilitates Digital Signatures by an Aadhaar
holder
– Registered & active mobile number is a
prerequisite
– OTP and Biometric authentication methods
– eKYC treated as verified PoI and PoA
(Registration)

36. Thank You
Q/A