The principal propellant of commerce is the trust reposed between business partners. The trust - and more, the breach of it - must be subject to law. Trust can evolve and develop only on the crutches of a well-established legal framework. The users of information technology must have trust in the security of information and communication infrastructure, networks and systems. Trust can develop only as a result of the following, namely, integrity of data, availability of data and confidentiality of data. To buttress these features, one should not only be able to prove the origin and receipt of data, but the genuine owner should also be prevented from repudiating his ownership.
A digital signature is a message encrypted with a Private Key to certify the contents. This process of encryption is called 'Digital Signing'. A digital signature can perform three different functions, all of them important to the security of the system:
- Data integrity: A digital signature indicates whether a file or a message has been modified (tampered with).
- Data authentication: A digital signature makes it possible to digitally (mathematically) verify the name of the person who signed the message.
- Non-repudiation: After one has signed and sent a message, one cannot claim that he/she did not sign the original message. One cannot repudiate his/her signature, because the message has been signed with his/her own Private Key (which, presumably, no one else has).

To sum up:
- A digital signature is a personalised thumbprint.
- It is the encryption of an electronic document, using a key.
To sign an electronic record or any other item of information, the signer shall first apply the hash function in the signer's software; the hash function shall compute a hash result of standard length which is unique (for all practical purposes) to the electronic record; the signer's software shall transform the hash result into a Digital Signature using the signer's private key; the resulting Digital Signature shall be unique to both the electronic record and the private key used to create it; and the Digital Signature shall be attached to its electronic record and stored or transmitted with its electronic record.
The verification of a Digital Signature shall be accomplished by computing a new hash result of the original electronic record by means of the hash function used to create a Digital Signature and by using the public key and the new hash result, the verifier shall check-
$\quad$ (i) if the Digital Signature was created using the corresponding private key; and
$\quad$ (ii) if the newly computed hash result matches the original result which was transformed into Digital Signature during the signing process.

The verification software will confirm the Digital Signature as verified if:-
$\quad$ $\quad$ (a) the signer's private key was used to digitally sign the electronic record, which is known to be the case if the signer's public key was used to verify the signature because the signer's public key will verify only a Digital Signature created with the signer's private key; and
$\quad$ $\quad$ (b) the electronic record was unaltered, which is known to be the case if the hash result computed by the verifier is identical to the hash result extracted from the Digital Signature during the verification process.
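
The signing and verification steps described above can be followed in code. The sketch below is an added example, not part of the original answer: it assumes SHA-256 as the hash function and unpadded RSA, and the helper names, demonstration keys and sample record are constructed for illustration.

```python
import hashlib

# Constructed demonstration keys: Mersenne primes keep key generation to one line
# but are trivially factorable. Deployed schemes use random primes and a padded
# signature scheme such as RSA-PSS; unpadded RSA is shown only to expose the steps.
E = 65537

def make_keypair(p, q):
    """Return (public_key, private_key) = ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def hash_result(record: bytes) -> int:
    """Hash function step: fixed-length digest of the record, as an integer."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")

def sign(record: bytes, private_key) -> int:
    """Transform the hash result into a Digital Signature with the private key."""
    n, d = private_key
    return pow(hash_result(record), d, n)

def verify(record: bytes, signature: int, public_key) -> bool:
    """Extract the signed hash with the public key; compare it with a new hash."""
    n, e = public_key
    extracted = pow(signature, e, n)           # only the matching private key yields the hash
    return extracted == hash_result(record)    # any change to the record changes the hash

SIGNER_PUB, SIGNER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

def demo():
    record = b"Pay Rs. 10,000 to Bob"          # constructed sample record
    signature = sign(record, SIGNER_PRIV)
    return {
        # (a) and (b) both hold: right key, unaltered record
        "genuine": verify(record, signature, SIGNER_PUB),
        # (b) fails: the record was altered after signing
        "altered_record": verify(b"Pay Rs. 90,000 to Bob", signature, SIGNER_PUB),
        # (a) fails: the signature was made with a different private key
        "wrong_private_key": verify(record, sign(record, OTHER_PRIV), SIGNER_PUB),
    }

if __name__ == "__main__":
    print(demo())
```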