Electronic Signatures within the Public Key Infrastructure

A tantárgy neve magyarul / Name of the subject in Hungarian: Elektronikus aláírások a nyilvános kulcsú infrastruktúrában

Last updated: 2011. október 12.

Budapest University of Technology and Economics
Faculty of Electrical Engineering and Informatics

Software Engineering B.Sc.


Creative Computer Engineering and Design

Aquincum Institute of Technology

Course ID Semester Assessment Credit Tantárgyfélév
VIHIA034 1 2/0/0/v 2  
3. Course coordinator and department Dr. Félegyházi Márk,
4. Instructors
 Name: Position:Department:
 István Zsolt BERTA
 Lecturer Department of Computer Science and Information Theory
5. Required knowledge Interest in IT security is required. No prior knowledge of either law or cryptography is needed. Students are required to have a general knowledge of computers and of Internet use only
6. Pre-requisites
Electronic signatures yield an interdisciplinary field between law and computer science. There is no need to print an electronic document just because we need to sign it. A document can also be signed purely electronically, by encoding it using certain mathematical (cryptographic) methods that can create legally binding ‘electronic signatures’. According to the European legal framework established by Directive 1999/93/EC, the so-called ‘qualified’ electronic signatures are to be considered equivalent with handwritten signatures in all member states of the EU.

The course provides an overview of electronic signatures and the public key infrastructure (PKI), the technology behind them. While it approaches the topic from the technical point of view, it also embraces the mathematical, regulatory, legal and economic aspects of electronic signatures. The course gives further insight into the public key infrastructure (PKI) and shows how the same technology is used for other purposes like encryption, partner authentication or secure web access (e.g. secure socket layer, SSL).
7. Objectives, learning outcomes and obtained knowledge The European and the American concepts of electronic signatures (or digital signatures) are fundamentally different; the European PKI is much more heavily regulated both by laws and by technical standards. While students attending the course shall gain a general understanding of the international principles of PKI, they shall also gain insight into the European legal framework and the European electronic signature standards.

By completing the course, students shall be able to evaluate if it pays off to use PKI in a certain situation, and if PKI is used, they shall be able to address its issues and design a PKI-enabled system better. If they later choose to work either in Europe or together with European companies, they shall benefit from the course e.g. when setting up e-invoicing for their company. Students shall also learn how to differentiate between various types of certificates, and they shall be able to select the right web server certificate for websites or web stores they shall operate.

As the course is on security, it aims to inspire the security-oriented way of thinking, which means ‘thinking with the head of the attacker’ and trying to find the weak points of a system (e.g. a system for signature verification) where it can be ‘hacked’. As PKI relies on cryptography, it is one of those few areas where mathematics can be applied in practice directly.

In the practical part of the course, students shall be able to try out what they learned. They shall visit a Hungarian PKI service provider, and shall receive hands-on experience from makers of European PKI.
8. Synopsis
  • Introduction
Students gain an overview of the basic terms of PKI, such as: certificate, certificate authority, relying party and the concepts of encryption, authentication and electronic signature.
  • Cryptographic background
The concept of a cryptographic key is introduced and Kerckhoffs’ principle is explained. A brief summary is provided on cryptographic primitives necessary for understanding PKI: the basics of public key cryptography and cryptographic hash functions are explained. The RSA cryptosystem is outlined as an example for a public key cryptosystem.
  • Certificate
The concepts of public key certificate and certificate policy are explained. The structure and the lifecycle of a certificate (registration, issuance, use, verification, revocation, expiration etc) are explained. It is also justified why it is not possible to have just one certificate and to use it everywhere.
  • Certificate Authority (CA)
Students gain an understanding of what a certificate authority is, how it operates and what security measures it implements.
  • Certification chains
Certificate authorities can be interconnected via ‘cross-certification’ that allows an end-user trusting one CA to verify and accept certificates issued by another one. Various PKI structures (hierarchical, bridged, mesh etc) are demonstrated. Possible problems and their solutions are addressed.
  • Electronic signatures
The concepts of advanced electronic signature and qualified electronic signature are explained, the legal difference between them is highlighted. The processes of creating and verifying electronic signatures are demonstrated, and some widespread signature formats (e.g. PKCS#7, XMLDSIG, XAdES, CAdES) are explained. The concept of signature policy is explained.
  • Visit to Microsec
A visit to Microsec premises where students meet a real certification authority. Students also receive a smart card containing public key certificates that can be used for creating qualified electronic signatures.
  • Time stamping
When verifying an electronic signature, we need to know that the signature existed at a certain point of time. If such a trusted point of time is not available, verification becomes ambiguous and signatures can be easily repudiated. Time stamping is perhaps the most straightforward way of obtaining and preserving such time evidence.
  • Long-term archiving of electronic signatures
If the verifiability of an electronic signature needs to be preserved for a long period of time (e.g. for 50 years), special measures must be taken.
  • Encryption and partner authentication using PKI
While the public key infrastructure used for signatures, can also be used for encryption or partner authentication, it requires a fundamentally different approach. Such differences are highlighted. An even deeper insight is provided into web-based authentication using the secure socket layer (SSL) protocol, which constitutes perhaps the most widespread use of PKI.
  • Certificates & roles – attribute certificates
While public key certificates can contain information on the role of the certificate holder, it is beneficial to separate the role from the public key. Attribute certificates provide a standardized solution for this.
  • How can electronic signatures be used? How are they used?
While the legal framework for electronic signatures has been in place for more than ten years, there are relatively few applications yet. Case studies shall be presented on both successful and less successful applications.
9. Method of instruction The course is organized in lectures. Slides for lectures shall be available for students.

Students shall receive devices for creating qualified electronic signatures throughout the course, and shall also receive homework they need to solve with their signatures.
10. Assessment Written exam at the end of the course
13. References, textbooks and resources On cryptography:
  • Bruce Schneier, Applied Cryptography, second edition, John Wiley & Sons, 1996

On public key certificates:

Laws and regulations:

Standards and specifications:
14. Required learning hours and assignment
Kontakt óra28
Félévközi készülés órákra10
Felkészülés zárthelyire0
Házi feladat elkészítése10
Kijelölt írásos tananyag elsajátítása0
15. Syllabus prepared by
 Name: Position:Department:
 István Zsolt BERTA
 Lecturer Department of Computer Science and Information Theory