Increase Your Research and Development Productivity with Digital Signature Legitimateness in India

How to eSign a document: digital signature legitimateness for Research and Development in India

[Music] hello team welcome to my session on coffee with prab and today we're going to cover hashing and digital signature if you're new to my youtube channel do subscribe to my youtube channel and click on the bell icon to make sure you should not miss my any videos which i'm going to upload in future who am i my name is prabhnaya and for more information you can refer my linkedin profile so without wasting a time let's start with the first part which is called as a hashing so first we're going to learn about hash function so if you go by the definition it is saying that cryptography hash function is an algorithm that take arbitrary amount of data input and produce a fixed size output of a text called as a hash value and hash is a value created by the hashing algorithm so again it is written in a slide so let me explain you with the reference see hashing is basically used to provide data integrity let me given practical demonstration of that when i say integrity and how the hash play important role suppose this is a food which i order from zamato tomato is a food aggregator services in india now if you notice this food package whatever i order it has a seal this is called as a seal can you see that this is called as a seal this seal so example like this is the restaurant okay who cooked food and place that food in a box and he then sealed that box with some tape and all that and he just told a customer which is me that we have sent a food to your house so now what happened the food is carried by the food delivery guy and it is delivered to me when i receive the food i can see a seal on the food like this kind of a seal it give me assurance that during a transit from this point to my point no one has altered the food and i receive the same state of the food which is packed by the restaurant and that shows the integrity of their services and how i verify with the help of the seal same like in data security we need to provide data integrity so if we take example of the bank now bank sent me a statement this is the statement bank statement and what they did before sending a statement they generate the hash value of the data so what is this hash value is hash value is the fixed value they generate for this data it is it doesn't mean that okay they convert something no this is the bank statement we have which is produced by the bank and they generate not convert they generate one fixed hash value a digest value of this particular bank statement and they attach same hash value on the email and send it to me they told me hey prep when you download the statement check the hash value of the statement and compare the hash value with the hash value what you obtain in an email if both hash value same it mean the data came without any unauthorized modification because if you're getting a same state of value you're getting a same hash value it means data was protected from unauthorized modification you don't you haven't received any kind of a different data same like we have a amazon when you order something from amazon any liquid component or when you buy something liquid component pepsi and all that they clearly mention if you receive the product with the broken seal do not accept there is a probability during a transit they have opened that and make something which is creating an integrity issue so hashing is a function used to provide the integrity to the data how suppose this is the name which is called high prep so i use a hashing algorithm like sha md5 and with the help of that it produce one fixed hash value you don't trust me let me show you the practical demonstration of the hash so this is the website called tool for knobs noobs.com and i type hi prep i selected md2 and hash this so this is the hash value has been created okay so it doesn't convert it generate the fixed value of this data okay now what i did i just remove h and now you can see a different hash value now if you notice by changing one bit it change the entire hash value so when i receive the data they told me on the bank statement on the email this is the hash value of the bank statement but when i scan it i found this i use the same website or i use a hash calc by which i scan my data and i found this hash value so it mean the data what i receive is not a authorized one so this is how we can able to detect the unauthorized modification of the data and that is basically called as a hash function so hashing used to verify the integrity of a data such as email download files stored on the disk and we have some common example like md5 and sha sha is basically more secure because it providing me a larger length of hash value because if you have a smaller length of hash value then it is a chances that okay two different data can generate a same hash value okay high prob or high money can generate the same hash value because it is not converting we're just generating so that is basically and that is irreversible normally in the encryption what happen if i convert hype prop into something with the help of key i can reverse back but in the hashing we cannot reverse back because we are not converting something we generating a fixed value from the data so that is what is called as a hashing so next topic what we have is called as a digital signature okay so digital signature are similar to the handwritten signature on a printed papers that identify user but it is a electronic verification of the center okay so this signature is a hash value that has been encrypted with the sender private key if you need to understand this better you must refer my previous video where i cover the cryptographic fundamentals because digital signature we can achieve with the help of asymmetric cryptography now let me explain you with the practical demonstration if you saw if you saw my previous video where i discuss about asymmetric cryptography so we have a system a and we have a system b both have their own public and private key public key and private key we also have a public key and private key if b want to uh you want a session key he will send his session key so you can check my previous video so in digital signature what happens suppose we also have a c we have a d and we have an e okay so we have a multiple systems here now what happened accidentally what happened e a c and d all have a common public key of b example because public key is accessible to everyone so d use the public key encrypt the data and send it to the b c use the public key of b encrypt the data and send it to the b a will basically use the public key of b encrypt the date and send it to the b and e will use the public key of b into the date and send it to the b and b will use his private to decrypt the data but my question here is i want to verify the authenticity i want to know who sent which data okay and who sent this data i want to verify the source because my key is accessible to everyone so anyone can use the key encrypt and send it to me but i would like to know who sent this data who sent this email to me okay who sent me this data i want to verify that and that is why we use a digital signatures that is why you know when you're signing a papers documents and all that they said please sign here please sign his tomorrow you should not deny that and by the paper we can able to identify the authenticity of the document same thing happen here so when sender sending a data he add a signature into that so that destination can believe it is came from a respective source and that is why we use a digital signatures example like if a want to send a data okay and you want to give assurance it is came from me so this is the data which is basically generate okay right now the time is in india is 9 55 pm isd at this particular state we generate this data okay so a is saying that boss this is my data and for this assurance i will generate the hash value of this data which is a fixed value of the data this hash produced by me only i will encrypt this hash with my private key and as you know no one share their private key so when you use the private key of a to encrypt the hash it produce one ds value i repeat again private key of a used to encrypt the hash it produce that digital signature value and that is basically add to the data and a send data to the b when b receive the data it has a ds value so a b use the public key of a to decrypt the hash so by decrypting the hash with the public key of a it give the assurance to the b it came from the a and then he scan the data and find the hash and compare this hash with this hash by this it achieved the integrity so by this way we achieve the authenticity also in integrity also so this is basically called as a digital signature where you're encrypting the hash with the sender private key digital signature apart from providing the solution it also offer other things okay if the recipient recipient receiver offered digitally signed email can be decrypt the hash it provide the three security benefits first is called as an authentication i have already demonstrated practically that when i receive an email i decrypt the hash value of the email with the sender public key so by this way i can able to verify from where it came right so i can able to validate that and no one share their private key so it gave me the assurance second is now if it came from the sender i able to verify so in that case sender will not able to deny now example you are the sender and you send me the data which digitally sign with your private key so you cannot deny on a later stage that it was not me who sent the data come on this data is now decrypted this hash value now decrypted with your private key okay one more example i can give you about the non-reputation is basically like imagine we have amazon so amazon sent an order to sell stocks using a digitally signed email if the stock increase after his sale complete he cannot deny the transaction because it is add with the digital signatures and that digital signature is basically generated from the private key so that is why see the proof i have the ds value which is decrypt with the public key that is authentication which is slash called as authenticity and because of that the sender cannot deny for his action that is called as a non-reputation and along with that i am able to achieve the integrity already because when i generate the hash i check the hash to verify the integrity of the data so digit signature provide the authenticity because there's a unique piece into that by which we can able to identify who sent this data and when i am able to verify who sent this data the sender will not able to deny for the latest stage because i am able to decrypt with his public key that is called as a non-reputation and third by the hash value i'm already validating that point that is called as a integrity so if you find this video useful do share your network and please let me know what are the common algorithms we can use for the hashing okay and do let me know what does a common algorithm we can use to map with that digital signature thank you for watching my video bye take care