The Reliability of Digital Certificates and Digital Signatures
The reliability of digital certificates and digital signatures is dependent on the authenticity of the key used to verify the signature and the reliability of the technical environment.
The utility of a digital signature as an authenticating tool is limited by the recipient’s ability to ensure the authenticity of the key used to verify the signature. For example, if the sender uses a private key to sign an unencrypted message, the receiver can verify that it came from the sender only if the receiver knows the sender’s public key. To rely on the authenticity of that public key, the receiver must first retrieve it from some trusted source other than the sender. If an imposter is forging a message from the sender, he will send his own public key along with it, claiming that it belongs to the sender. Since the imposter holds the private key corresponding to the public key he sends, the receiver’s attempt to verify the signature on the forged message will confirm the message as authentic even though it is not from the real sender.
In contrast, if the receiver obtains the sender’s real public key from an outside trusted source and uses it to verify the message signed with the imposter’s private key, the verification will fail, revealing the forgery. In short, if sender and receiver are strangers with no alternate means of communication, digital signatures or cryptography alone may not reliably authenticate or identify them to each other. Assistance from a trusted outside source is needed to provide a link between their identities and their public keys. This outside source could be a trusted third party, such as a government agency, a business that offers online verification services or a third-party certification authority.
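The two verification paths described above, as an added worked example that is not part of the original report: a naive receiver verifies with whatever public key arrived alongside the message, so the imposter's forgery "verifies"; a careful receiver verifies with a key obtained from a trusted source, so the forgery fails; and a minimal certificate, in which a trusted issuer signs the binding between a name and a key, shows how a certification authority supplies that link. The subject name, message text and the toy certificate format are constructed for illustration, and Ed25519 from Go's standard library stands in for whatever signature algorithm a real deployment uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedMessage is what arrives over the wire: the message body, the
// signature over it, and the public key the sender *claims* is theirs.
type SignedMessage struct {
	Body       []byte
	Signature  []byte
	ClaimedKey ed25519.PublicKey
}

// Sign produces a SignedMessage, attaching whatever public key the signer
// chooses to present (an imposter presents their own).
func Sign(priv ed25519.PrivateKey, claimed ed25519.PublicKey, body []byte) SignedMessage {
	return SignedMessage{Body: body, Signature: ed25519.Sign(priv, body), ClaimedKey: claimed}
}

// VerifyWithClaimedKey is the naive receiver: it verifies the signature with
// the key that arrived alongside the message.
func VerifyWithClaimedKey(m SignedMessage) bool {
	return ed25519.Verify(m.ClaimedKey, m.Body, m.Signature)
}

// VerifyWithTrustedKey is the careful receiver: it ignores the shipped key
// and verifies with a key obtained from a trusted source.
func VerifyWithTrustedKey(trusted ed25519.PublicKey, m SignedMessage) bool {
	return ed25519.Verify(trusted, m.Body, m.Signature)
}

// Certificate is a toy stand-in for an X.509 certificate: a subject name
// bound to a public key, with the issuer's signature over both.
type Certificate struct {
	Subject   string
	PublicKey ed25519.PublicKey
	IssuerSig []byte
}

// certBytes is the byte string the issuer signs: subject, a separator, then the key.
func certBytes(subject string, pub ed25519.PublicKey) []byte {
	return append([]byte(subject+"\x00"), pub...)
}

// IssueCertificate has the holder of issuerPriv vouch for the subject/key binding.
func IssueCertificate(issuerPriv ed25519.PrivateKey, subject string, pub ed25519.PublicKey) Certificate {
	return Certificate{Subject: subject, PublicKey: pub, IssuerSig: ed25519.Sign(issuerPriv, certBytes(subject, pub))}
}

// VerifyCertificate accepts a certificate only if it names the expected
// subject and carries a valid signature from the trusted CA key.
func VerifyCertificate(caPub ed25519.PublicKey, cert Certificate, expectedSubject string) bool {
	return cert.Subject == expectedSubject &&
		ed25519.Verify(caPub, certBytes(cert.Subject, cert.PublicKey), cert.IssuerSig)
}

// Outcome records how each check in the scenario resolves.
type Outcome struct {
	ForgeryPassesNaiveCheck   bool // forgery checked against the key the imposter shipped
	ForgeryPassesTrustedCheck bool // forgery checked against the sender's real key
	GenuinePassesTrustedCheck bool // genuine message checked against the sender's real key
	SenderCertAccepted        bool // CA-issued certificate for the real sender
	ImposterCertAccepted      bool // imposter's self-issued certificate claiming the sender's name
}

// RunScenario plays out the forgery described in the text with fresh keys.
func RunScenario() (Outcome, error) {
	senderPub, senderPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	imposterPub, imposterPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	caPub, caPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}

	const subject = "sender@example.org" // hypothetical identity, constructed for the example
	body := []byte("Constructed sample message: the meeting moves to 3 pm.")

	genuine := Sign(senderPriv, senderPub, body)
	forged := Sign(imposterPriv, imposterPub, body) // imposter ships own key, claiming it is the sender's

	senderCert := IssueCertificate(caPriv, subject, senderPub)          // the CA vouches for the real sender
	imposterCert := IssueCertificate(imposterPriv, subject, imposterPub) // imposter can only sign for themselves

	return Outcome{
		ForgeryPassesNaiveCheck:   VerifyWithClaimedKey(forged),
		ForgeryPassesTrustedCheck: VerifyWithTrustedKey(senderPub, forged),
		GenuinePassesTrustedCheck: VerifyWithTrustedKey(senderPub, genuine),
		SenderCertAccepted:        VerifyCertificate(caPub, senderCert, subject),
		ImposterCertAccepted:      VerifyCertificate(caPub, imposterCert, subject),
	}, nil
}

func main() {
	o, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The point the outcome makes concrete: the signature arithmetic is identical in both paths, and the only thing separating a detected forgery from an accepted one is where the verifying key came from. The CA key plays the role of the "trusted outside source"; a real system would also check validity dates, revocation and the chain up to a trust anchor, none of which the toy certificate models.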
The level of technical reliability may vary depending on the importance and purpose of the message or document, the intended use of the information in the message or document, the nature or degree of risk or opportunity for fraud, and the physical security of the information management system. The following are some of the questions that need to be addressed in terms of technical reliability:
• What security does the signing party have to ensure that its private key is secure? Have the technical and business practice requirements and guidelines been met? Are the computer systems trustworthy? Are the business practices trustworthy?
• Is there a prudent method of private key management?
• Are procedures in place for private key recovery?
• Are there different digital certificates for each community of interest with which the user interacts online? What are the controls over the different digital certificates’ usages?
• What are the procedures to protect a private signing key? If it is protected by a password, how hard is it to guess that password? If it is stored on a smart card, how resistant is it to attacks?
*Electronic and Digital Signature a global status report 2002