The digital signature authenticates an electronic record. An electronic record is regarded as authentic when the subscriber of a digital signature authenticates it by affixing his digital signature to it. This authentication process relies on encryption and key pairs, so the role of encryption and the key pair in securing a document under the Information Technology Act is very important. Under encryption, the information is converted into a secret value that hides the true meaning of the information contained in the electronic record, and it can only be opened with the corresponding key of the key pair used to encrypt that information.
The importance of encryption and the key pair is as follows:
- Sender’s authentication: The keys of a key pair are related, so information can only be decrypted with the corresponding private key of the key pair used to encrypt it. With the digital signature it is easy to authenticate the sender of information, so the recipient can confirm who really sent the message.
- Integrity of message: Information encrypted with the public key can only be decrypted with the corresponding private key of the same key pair. If the information created by applying a public key is tampered with, altered, modified or changed, the private key will not be able to decrypt it, because the hash value will not match. The receiver thus learns that the message has been tampered with. If the private key is able to open the information, the information is true and can be relied upon.
- Non-Repudiation: A digital signature shows that the sender cannot deny sending the information or message, cannot deny its content either, and is responsible for the message he has sent.
The authentication of electronic records is effected by the use of asymmetric cryptography and a hash function, as stated under section 3 of the IT Act, 2000. Asymmetric cryptography is defined under section 2 (1) (f) of the IT Act. It is basically a system of a secure key pair consisting of a public key and a private key. The private key is used to create a digital signature and the public key is used to verify it. These keys are digitally and mathematically related. Public key is defined under Section 2 (1) (zc) of the IT Act as the key of the key pair which is used to create a digital signature, while private key is defined under section 2 (1) (zd) of the IT Act as the key of a key pair used to verify a digital signature. Note that the private key is known only to its holder, while the public key is made available to everyone.
Working of the Key Pair:
When a public key is applied, the asymmetric cryptosystem and hash function transform the initial electronic record into another electronic record. The hash function here stands for an algorithm mapping and translation of one sequence of bits into another, generally smaller, set known as the hash result for Cyber text, in such a way that the electronic record yields the same hash value every time the algorithm is executed with the same electronic record as its input. Because the hash function is a mapping that generates the same hash result every time for the same input, the encrypted electronic record can only be decrypted by the corresponding private key of the key pair. When the receiver uses a private key to decrypt it and the hash value matches, the electronic record has not been changed or manipulated; if the hash value does not match, the electronic record has been tampered with. In this way the private key and the public key work together to authenticate electronic records.
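The hash-and-key-pair check described above, as an added example that is not part of the original article. It follows the statement that the private key creates the signature and the public key verifies it. It uses textbook RSA without padding and a constructed demo key built from publicly known primes, so it illustrates the flow only and gives no security; all names in it are assumptions.

```python
import hashlib

# Constructed demo key: both primes are publicly known Mersenne primes,
# so this key pair is for illustration only.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

PUBLIC_KEY = (N, E)    # made available to everyone
PRIVATE_KEY = (N, D)   # known only to its holder


def hash_result(record: bytes) -> int:
    """Map the record to a fixed-size hash result (SHA-256) as an integer."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes, private_key) -> int:
    """Create the signature: apply the private key to the hash result."""
    n, d = private_key
    return pow(hash_result(record), d, n)


def verify(record: bytes, signature: int, public_key) -> bool:
    """Recover the signed hash with the public key and compare it with a
    freshly computed hash of the record that was actually received."""
    n, e = public_key
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == hash_result(record)


def demo() -> dict:
    record = b"Constructed sample record: pay Rs. 1,000 to A"
    signature = sign(record, PRIVATE_KEY)
    tampered = record.replace(b"1,000", b"9,000")
    return {
        "original_verifies": verify(record, signature, PUBLIC_KEY),
        "tampered_verifies": verify(tampered, signature, PUBLIC_KEY),
        "altered_signature_verifies": verify(record, signature + 1, PUBLIC_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

Production signing uses a padded scheme such as RSA-PSS and a freshly generated secret key pair; the comparison of the recovered hash with the recomputed hash is the same.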