People have been signing documents as a means of establishing proof of identity for hundreds of years. As communication evolved, the need to identify the author or approver of documents has increased. Just as handwritten signatures enable us to apply a means of identification to any document, a digital signature enables us to apply a unique identity to a digital document or message. We can validate the authenticity of a signature by comparing it to other examples of the same person’s signature and checking for commonalties. In much the same way, digital signatures provide a means for verifying authenticity and integrity of documents and messages.
How Do Digital Signatures Provide Integrity and Authentication?
Digital signatures use public key cryptography to enable parties to exchange messages in a trusted fashion. The first step in the signature process is to apply a mathematical technique to create a summary of the message you intend to send. Using this technique you reduce the message to a small number called a digest. The digest should have two particular qualities: it should be ‘collision free’ (that is, no two messages should be able to produce identical digests); and it should be one-way (that is, although you can obtain the digest from the message, you cannot obtain the message from the digest).
The author of the message uses their private key to encrypt the digest, and attaches the encrypted digest to the original message and sends to the intended recipient. When the recipient receives the message, they use the author’s public key to decrypt the digest. Since only the sender’s public key can be used to decrypt the digest, this proves that it was the message sent by the author. In this way, the recipient can authenticate the author of the document.
The recipient can also verify that the document has not been modified by anyone other than the author. To do so, they create a new digest from the plaintext message, and compare the resulting digest to the one from the author. If they match, the recipient has assurances that the document is unaltered.
Enhancing Digital Signatures with Hardware Security Modules
We recommend using a hardware security module for digital signatures for two reasons: performance and security.
From a performance standpoint, signing operations are very processor-intensive. And the longer the key, the greater the processing effort required. NIST recommends using keys that are at least 2048 bits in order to provide adequate security. At this length, there is a significant load on the CPU—and it is not something that can be solved by simply increasing the server’s RAM. The larger the signature key length, the greater the CPU utilization.
To be CPU-independent, you need to use hardware acceleration to provide a large number of both key generation and signing operations. The simple fact is that you need to offload all cryptographic functions to a dedicated HSM with its own dedicated crypto processors in order to ensure adequate performance and to prevent overloading the host server.
The second reason that all signing operations need to be performed within the HSM is basic security. As the entire security structure is built upon the foundations of cryptographic keys, care should be taken to protect the sensitive private keys. Private keys must be kept strictly private, secret, and secure. Without proper security measures in place to protect the signing process and underlying cryptographic keys our ability to trust digital signatures could be compromised. An attacker could create fraudulent signatures, or use legitimate signatures against an organization.