Digital Signature

Sign what and sign when?

• To get access to a secure web site
• Tax declaration
• Birth certificate request
• Address change notification
• Tender, stock order
• Contract (insurance, loan…)
• E-mail
• Medical prescription
• Delivery receipt form
• Expense claim
• Bill
• etc...

Algorithms

• You need to prove that you have (know) the key
• You can send the key value and match. This is done in PACS
• You can transform challenge data using the key and send the response, never exposing the key. This is called cryptography

PKI: Public Key Infrastructure

• User (or entity) gets a related key pair:
  • one private key, known only to the user
  • one public key, distributable to the world
• A message encrypted with one key requires the other key for decryption

Key Reciprocity

• Data encrypted using the public key requires the private key for decryption.
  • If you know my public key, you can send me via an open channel a message only I can read.
• Data encrypted using the private key requires the public key for decryption.
  • If my public key decrypts an encrypted message I have sent via an open channel, then only I could have sent it.

X.509 Certificate = “License”

• Identifies you and your institution
• Can’t be self-created
• Created for you by your institution