Digital Signature in Blockchain [Useful Tutorial]

In this blockchain tutorial, we will discuss digital signatures in blockchain. By the end of this blog, you will understand the terminology related to digital signatures and be able to generate a new digital signature and verify an existing one. We will cover these topics.

  • Introduction to Digital Signature
  • Properties of Digital Signature
  • RSA digital signature algorithms
  • The elliptic curve digital signature algorithm
  • Generate Digital Signature Certificate

Introduction to Digital Signature

A digital signature or electronic signature is a mathematical technique used to validate the authenticity and integrity of a message, software, or digital document.

  • Digital signatures are a part of asymmetric cryptography, in which two keys (public and private) are involved.
  • Digital signatures provide data integrity and non-repudiation. The receiver can confirm that the received message has not been altered.
  • Like handwritten signatures, digital signatures serve as undeniable proof that the message received comes directly from the rightful sender and has not been altered.
  • Digital signatures are widely used in Bitcoin transactions. The sender digitally signs the transaction using the private key.
  • There are two types of algorithms with which a digital signature can be generated.


Properties of Digital Signature

Digital Signature has 3 important properties that work as a pillar to this kind of security system.

[Figure: Digital signature properties]

1. Authenticity

Authenticity means digital signatures can be verified if required by the receiving party.

2. Unforgeability

The unforgeability property ensures that only the sender of the message can use the signing functionality, because it requires their private key.

  • Unforgeability also means that no one else can produce a signed message that appears to come from the rightful sender.
  • Handwritten signatures are prone to forgery: with practice anyone can learn to imitate the signature of a legitimate entity, or cut, copy and paste it so that it looks like the original.
  • A digital signature, in contrast, cannot be removed from the original message and is created using a mathematical algorithm that is not easy to guess or reproduce. This is how digital signatures fix this problem.

3. Non-Reusability

Non-reusability means that the digital signature cannot be removed from the original message and is created using a mathematical algorithm that is not easy to guess or produce.


RSA Digital Signature Algorithms

In the RSA digital signature algorithm, the data is converted to a hash, and the hash is then digitally signed using the private key.

  • Data can be signed directly without converting it to a hash, but that way is less secure.
  • Converting to a hash gives the receiver a way to cross-check the received data against the original data.
  • The receiver can compute the hash and match it with the original hash. If they are the same, the data was not altered by any middleman.
  • Only the signer has the private key, so this ensures the authenticity of the signature and the signed data.
  • The diagram below shows the generation of a digital signature and how the whole process works.
[Figure: Digital Signature Working]
  • In the above diagram, the data is converted to a hash and then encryption is applied using the private key. The signature algorithm is applied at the same time.
  • As a result, a new file is created in the same directory with the name signature. You can give this file any name.
  • Once the digital signature is generated, we can verify it. Here is the diagram showing how the whole process works.
[Figure: Digital Signature Verification]
  • In this diagram, the data and the signature are both reduced to a hash and the two hashes are compared with each other.
  • If they match, the data was not altered in the process.
  • The data is converted to a hash using the hash function, whereas the signature is decrypted using the signer’s public key.

Generation of Digital Signature

In this section, we will show in practice how to generate a digital signature and verify it using the RSA digital signature algorithm in the blockchain.

  • Please note that we are working on a Linux-based operating system and have created all the files in the same directory.
  • Use the following command to install openssl on your device. It is possible that openssl is already installed; you can check with the command openssl version.
sudo apt install openssl
  • To perform this operation, we need a ‘public’ and a ‘private’ key. The public key can be generated from the private key.
  • Use the following command to generate the RSA private key. Note that we have named our key private.pem. This private key will be in Privacy Enhanced Mail (PEM) format.
openssl genrsa -out private.pem 2048
  • Use the following command to generate the public key from the private key. We have named our public key ‘public.pem’.
openssl rsa -in private.pem -pubout -out public.pem
  • A PEM file can contain a private key, a server certificate, and additional certificates that make up the trust chain.
  • Once the keys are ready, create a text file to which you want to apply a digital signature. In our case we have created a file ‘poem.txt’ containing the text ‘twinkle twinkle little star’.
  • The next step is to generate the hash of the text file and sign it. The command below performs both steps at once.
openssl dgst -sha256 -sign private.pem -out signature.txt poem.txt
  • signature.txt is the generated signature file. You can find this file in the folder.
  • We have used private.pem to sign the file.

Verification of Digital Signature

In this section, we will continue where we left in the previous section. Here we are going to verify the digital signature.

  • So far we have created a text file with the name ‘poem.txt’. We have converted that file to a hash and applied digital key encryption using the signer’s private key (private.pem). This way we have generated ‘signature.txt’, which holds the digital signature.
  • Verification simply means making sure that the file was not changed in the process. We have the original file ‘poem.txt’ and the signature file ‘signature.txt’. Checking one against the other gives the result.
  • Here is the command to verify the signature.txt file against the original file ‘poem.txt’.
openssl dgst -sha256 -verify public.pem -signature signature.txt poem.txt 

To make sure you are not left with any confusion, we have added a live demonstration of everything we have explained about generating and verifying a digital signature.

[Figure: Digital Signature Generation and Verification Demonstration]
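The script below is an added example, not part of the original tutorial: it repeats the sign and verify steps with a throwaway 2048-bit RSA key, uses the public key to recover the hash stored inside signature.txt so it can be compared with the hash of poem.txt, and shows that verification fails once the file is changed. The temporary directory, the function names and tampered.txt are assumptions made for the example.

```shell
#!/bin/sh
# Added example: throwaway RSA key and constructed input in a temp directory.
WORK=$(mktemp -d)

# Recreate the tutorial's artefacts: key pair, poem.txt, signature.txt.
rsa_setup() {
    openssl genrsa -out "$WORK/private.pem" 2048 2>/dev/null
    openssl rsa -in "$WORK/private.pem" -pubout -out "$WORK/public.pem" 2>/dev/null
    printf 'twinkle twinkle little star\n' > "$WORK/poem.txt"
    openssl dgst -sha256 -sign "$WORK/private.pem" \
        -out "$WORK/signature.txt" "$WORK/poem.txt"
}

# SHA-256 of file $1 as lowercase hex.
file_digest() {
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# Apply the public key to the signature. With PKCS#1 v1.5 padding the result
# is a DER DigestInfo structure whose last 32 bytes are the signed SHA-256 hash.
recovered_digest() {
    openssl pkeyutl -verifyrecover -pubin -inkey "$WORK/public.pem" \
        -in "$WORK/signature.txt" | tail -c 32 | od -An -tx1 | tr -d ' \n'
}

# Exit status 0 only if signature.txt is valid for file $1 under public.pem.
verify_file() {
    openssl dgst -sha256 -verify "$WORK/public.pem" \
        -signature "$WORK/signature.txt" "$1" >/dev/null 2>&1
}

rsa_setup
echo "hash of poem.txt      : $(file_digest "$WORK/poem.txt")"
echo "hash inside signature : $(recovered_digest)"
verify_file "$WORK/poem.txt" && echo "poem.txt     : Verified OK"

# Constructed tampering: one word changed, signature left untouched.
printf 'twinkle twinkle little bat\n' > "$WORK/tampered.txt"
verify_file "$WORK/tampered.txt" || echo "tampered.txt : Verification Failure"
```

The two printed hashes are identical for the untouched file, which is the comparison the verification diagram describes.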


The Elliptic Curve Digital Signature Algorithm

The elliptic curve digital signature algorithm (ECDSA) is a Digital Signature Algorithm (DSA) based on elliptic curves.

  • It is based on modular exponentiation and the discrete logarithm problem.
  • It is widely used on blockchain platforms like Bitcoin, Ethereum, etc. to validate messages and provide data integrity services.
  • In order to sign and verify using the ECDSA scheme, it is necessary to generate a public and a private key. Use the commands below to create the private and public keys.
# Generate Private Key
openssl ecparam -genkey -name secp256k1 -noout -out private.pem

# Generate Public Key
openssl ec -in private.pem -pubout -out public.pem
  • Once the keys are generated, it’s time to create a file on which the operation will be performed. In our case we have created poem.txt with a small text in it.
cat > poem.txt
twinkle twinkle little star
  • Apply the private key to generate the signature. A new file with the name signature.txt will appear in the directory. The digest option we have applied is -sha1; earlier it used to be written as -ecdsa-with-SHA1.
openssl dgst -sha1 -sign private.pem poem.txt > signature.txt
  • To verify the signature, replace -sign private.pem with -verify public.pem and add the parameter -signature followed by the signature file, then the file on which the operation is performed (poem.txt in our case).
openssl dgst -sha1 -verify public.pem -signature signature.txt poem.txt

In this way, we can generate and verify the digital signature using ECDSA. To make things more understandable we have added a gif file below demonstrating all the steps we have covered in this section.

[Figure: Digital key Generation and Verification using ECDSA]
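The script below is an added example, not part of the original tutorial: it signs the same poem.txt twice with one secp256k1 key to show that ECDSA signatures differ from run to run yet both verify, and it parses the signature file to show that it is a DER-encoded pair of integers (r, s). It uses -sha256 as in the RSA section rather than -sha1; the temporary directory, the function names and the file names sig1.bin and sig2.bin are assumptions made for the example.

```shell
#!/bin/sh
# Added example: throwaway secp256k1 key and constructed input in a temp directory.
EC_WORK=$(mktemp -d)

# Key pair and input file, as in the tutorial.
ec_setup() {
    openssl ecparam -genkey -name secp256k1 -noout -out "$EC_WORK/private.pem"
    openssl ec -in "$EC_WORK/private.pem" -pubout \
        -out "$EC_WORK/public.pem" 2>/dev/null
    printf 'twinkle twinkle little star\n' > "$EC_WORK/poem.txt"
}

# Sign poem.txt and write the signature to file $1.
ec_sign() {
    openssl dgst -sha256 -sign "$EC_WORK/private.pem" -out "$1" "$EC_WORK/poem.txt"
}

# Exit status 0 only if signature file $1 is valid for poem.txt.
ec_verify() {
    openssl dgst -sha256 -verify "$EC_WORK/public.pem" \
        -signature "$1" "$EC_WORK/poem.txt" >/dev/null 2>&1
}

# Number of INTEGER fields in the DER-encoded signature (the pair r, s).
sig_integer_count() {
    openssl asn1parse -inform DER -in "$1" | grep -c 'INTEGER'
}

ec_setup
ec_sign "$EC_WORK/sig1.bin"
ec_sign "$EC_WORK/sig2.bin"

# Same key, same file, yet the signatures differ: every signing run
# draws a fresh random nonce. Both signatures still verify.
if cmp -s "$EC_WORK/sig1.bin" "$EC_WORK/sig2.bin"; then
    echo "signatures identical"
else
    echo "signatures differ"
fi
ec_verify "$EC_WORK/sig1.bin" && echo "sig1: Verified OK"
ec_verify "$EC_WORK/sig2.bin" && echo "sig2: Verified OK"
openssl asn1parse -inform DER -in "$EC_WORK/sig1.bin"
```

Because the signature bytes change on every run, compare signed files by verifying them, never by comparing signature files byte for byte.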


Generate Digital Signature Certificate

In this section, we will learn how to generate Digital Signature Certificate in the blockchain.

  • A private key is required to generate the certificate in blockchain. We have already created the private key in the earlier section.
  • A certificate can be generated for both RSA and ECDSA using the given steps.
  • While generating the certificate, openssl asks for various information such as country, state, company name, etc. You can either fill in the information or skip it by pressing enter.
  • Here is the command to generate a digital signature certificate in blockchain.
openssl req -new -key private.pem -x509 -nodes -days 365 -out certificate.pem
  • To view the certificate, you can use either of the two commands below.
openssl x509 -in certificate.pem

# or

cat certificate.pem

The gif below walks you through all the steps to generate and view the digital signature certificate.

[Figure: Generate and View Digital Signature Certificate]
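The script below is an added example, not part of the original tutorial: it generates the certificate without prompts, checks that the public key inside certificate.pem is the one belonging to private.pem, and verifies a signature using only the key taken from the certificate, as a receiver would. The subject CN=example.test, the temporary directory, the function names and from_cert.pem are assumptions made for the example.

```shell
#!/bin/sh
# Added example: throwaway key, constructed subject (CN=example.test) and input.
CERT_WORK=$(mktemp -d)

cert_setup() {
    openssl ecparam -genkey -name secp256k1 -noout -out "$CERT_WORK/private.pem"
    # -subj answers the country/state/company prompts non-interactively.
    openssl req -new -key "$CERT_WORK/private.pem" -x509 -nodes -days 365 \
        -subj "/CN=example.test" -out "$CERT_WORK/certificate.pem" 2>/dev/null
    printf 'twinkle twinkle little star\n' > "$CERT_WORK/poem.txt"
    openssl dgst -sha256 -sign "$CERT_WORK/private.pem" \
        -out "$CERT_WORK/signature.txt" "$CERT_WORK/poem.txt"
}

# SHA-256 fingerprint of a PEM public key read from stdin (hashed as DER).
pubkey_fingerprint() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Fingerprint of the public key embedded in the certificate.
cert_key_fingerprint() {
    openssl x509 -in "$CERT_WORK/certificate.pem" -pubkey -noout | pubkey_fingerprint
}

# Fingerprint of the public key derived from the private key.
private_key_fingerprint() {
    openssl pkey -in "$CERT_WORK/private.pem" -pubout | pubkey_fingerprint
}

# What a receiver does: take the public key from the certificate only,
# then verify signature.txt against poem.txt with it.
verify_with_certificate() {
    openssl x509 -in "$CERT_WORK/certificate.pem" -pubkey -noout \
        > "$CERT_WORK/from_cert.pem"
    openssl dgst -sha256 -verify "$CERT_WORK/from_cert.pem" \
        -signature "$CERT_WORK/signature.txt" "$CERT_WORK/poem.txt" >/dev/null 2>&1
}

cert_setup
openssl x509 -in "$CERT_WORK/certificate.pem" -noout -subject -dates
echo "key in certificate   : $(cert_key_fingerprint)"
echo "key from private.pem : $(private_key_fingerprint)"
verify_with_certificate && echo "signature verified with the certificate's key"
```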


In this blockchain tutorial, we have learned about blockchain digital signatures and covered these topics.

  • Introduction to Digital Signature
  • Properties of Digital Signature
  • RSA digital signature algorithms
  • The elliptic curve digital signature algorithm
  • Generate Digital Signature Certificate