I recently received an e-mail from firstname.lastname@example.org saying that it was from the Windows Live team. The e-mail said that I needed to reply to it as part of a verification process with my user ID and password in order to avoid the deactivation of my e-mail account. As I clicked on the reply button and started to compose the mail, a thought struck my mind that made me refrain from proceeding. The thought was simply, “Why do these guys need me to insert my user ID and password when it is quite obvious that I already know both — how else would I have signed in?” This is when I realized that it was an attempt to hack my e-mail. As I mentioned earlier, the e-mail said that it was from the Hotmail team. Attackers, hackers and viruses can “spoof” e-mail addresses, fooling you into believing that the message was sent by a person who never sent it. It may be hard to authenticate a message. The internet is filled with such frauds. So, how can we be sure if an e-mail is authentic or not? Well this is where “Digital Signatures” come into play.
A digital signature is not the same as an electronic signature, which in most cases is a scanned copy of a handwritten signature. A digital signature is the type of electronic signature that mostly used to confirm the identity of the sender of a message or document. It’s like a guarantee to the recipient that the original content of the message has not been altered or changed in any manner during transit. Any attempts at tampering with the message would break the signature. It also verifies the signer’s digital identity. Digital signatures are used to authenticate identities when more than one party is involved. And when an email is digitally signed, your email client will almost always be able to tell you if the signature is authentic.
So why is there are need for digital signatures?
- Verifies the sender’s authenticity.
- Verifies message content being alteration- free.
- Ensures confidentiality.
Date/Time stamp avoids confusions, disputes and frauds.
Who uses digital signatures?
Apart from organizations that don’t want to waste paper, ink, money and time delivering and receiving documentation, digital signatures are used for software distribution and financial transactions.
Usually a digital signature contains the following:
- Your name, company name and e-mail for contact purposes
- Expiration date so it’s not misused later on
- A serial number
- Public key — all the above would be pretty useless if you cannot translate the data into words you understand.
This means of communication is very cost effective, fast and hassle-free. Many organizations have yet to brace this evolution. As with all entities there will always be a possibility of theft. Say you were to tell your key to a mate at work (which under no circumstances you ever should) and he intentionally or unintentionally leaks it. But as problems come up so will solutions. Hopefully this will become a more safe and productive tool for all of us in days to come.