What are Digital ID’s?
Digital ID signature or certificate is an installed file resident on a computer validates who you are. Digital signatures are used by programs on the internet and local to the machines to confirm your identity to any third party concerned. Digital signatures have been confused with electronic signatures. Electronic signatures are scanned copies of a physical written signature.
Reasons for using digital security.
It insures by means of verification and validation that the user is whom he/she claims to be. This is done by combine the users credential to the digital certificate and in turn this method uses one point of authentication.
Digital certificates insure data Integrity giving the user piece of mind that the message or transaction has not been accidentally or maliciously altered. This is done cryptographically.
Digital certificates ensure confidentiality and ensure that messages can only be read by authorized intended recipients.
Digital certificates also verify date and time so that senders or recipients can not dispute if the message was actually sent or received.
The components that a digital signature comprise of.
Your public key: This is the part that any one can get a copy of and is part of the verification system.
Your name and e-mail address: This is necessary for contact information purposes and to enable the viewer to identify the details.
Expiration date of the public key: This part of the signature is used to set a shelf life and to ensure that in the event of prolonged abuse of a signature eventually the signature is reset.
Name of the company: This section identifies the company that the signature belongs too.
Serial number of the Digital ID: This part is a unique number that is bundled to the signature for tracking ad extra identification reasons.
Digital signature of the CA (certification Authority): This is a signature that is issued by the authority that issues the certificates.
Difference between Electronic Signatures and Digital Signatures
There is a clear difference between digital and electronic signatures, though these terms are often used interchangeably. The digital signatures (also known as Advanced or Secure Electronic Signatures) use cryptographic techniques. They are based on industry standard known as Public Key Infrastructure (PKI), which guarantees data integrity and non-repudiation of documents and transactions. The digital signature cannot be copied, tampered or altered.
While an Electronic signature is just a representation of a person in the form of an electronic image of the handwritten signature, symbol, voiceprint, etc. It can be copied or tampered with.
Digital Signatures
Digital signatures are used to achieve Authentication, Non-repudiation, and Authorization.
Authentication is a technique by which a process verifies that its communication partner is who it is supposed to be and not an intruder, and deals with the question of whether or not you are actually communicating with a specific process. Non-repudiation is a mechanism which provides a way to prevent the author from falsely claming that he or she is not the author. Authorization is concerned with what that process is permitted to do.
Hashing; as a means to verify data integrity
The reason for performing hashing is to ensure data integrity. Hashing is simply a process whereby you calculate a hash code from some data. The generated hash code is mathematically derived and is unique and specific for the data it was derived from. If any byte changes in the data then a completely different hash code is generated. For example a hash code generated from the text “Hello” is completely different to the hash code generated for the text “hello” or “ Hello”.
This is what makes hashing extremely useful in checking if data has been modified or damaged since it was either last saved or sent over the network. If, for example, you’re sending data to someone then by sending a hash code of the data along with the data itself the receiver can check the data's integrity by generating their own hash from the data and comparing it with the hash code that was sent. If the data has been modified, even by one byte, then the two hash codes won’t match and that means the data has been altered.
Here's another practical example of the process:
Bob sends Alice some data and Alice wants a means to check if the data has been modified. Bob creates a hash code of his data and sends both the data and the hash code to Alice. Alice then creates her own hash code from Bob’s data using the same hashing algorithm used by Bob and compares her hash code against Bob’s hash code. If there is a match then the data has not been modified.
Hash codes are a means to check that data was received/read as it was sent/written, any accidental damage/modification or malicious changes are checkable using hashes.
Some hashing algorithms include MD5, SHA1, and SHA256.
Example of using SHA1 hashing algorithm in .NET. //sha1 hashes work with bytes, need to converts text to bytes byte[] data = Encoding.Unicode.GetBytes(this.txtOriginal.Text);//sha1 crypto serviceSHA1 sha = new SHA1CryptoServiceProvider();byte[] result = sha.ComputeHash(data);
Message Authentication Codes (MAC); as a means to prevent man in the middle attacks and verify data integrity.
One of the problems with hashing is its wide open to man in the middle attacks. Without doubt hashing has its uses but in terms of sending data there is nothing stopping someone from intercepting the data, modifying it, and then resending the new message with a new hash. What the receiver gets is a message where the hash code matches the data, even though the data has been modified.
Message Authentication Codes are a way to prevent this. MACs use symmetric encryption methods to protect the sent hash. Symmetric encryption uses one private session key and both the sender and receiver require to have a copy of this key.
The process is as follows. Bob sends Alice some data. He generates a hash of the data and encrypts the hash using the symmetric key. Both the data and the encrypted hash are sent to Alice.
Alice, who also has the session key, generates her own hash from the data and encrypts it using the session key. She then checks her encrypted hash against the encrypted hash Bob sent. If they match the data is unchanged. Any man in the middle attacks no longer work as the middle man does not have the session key and therefore cannot generate a valid encrypted hash for the message.
Essentially a MAC is just an encrypted hash. It’s a combination of an encryption session key and a hashing algorithm.
Some example methods available in .NET include HMACMD5 a MAC algorithm based on MD5 hashing, and HMACSHA1 a MAC algorithm based on SHA1 hashing.
Example code for generating a random session key, this key is required to encrypt the hash code. // Create a random key using a random number generator. // This would be the secret key shared by sender and receiver.byte[] secretkey = new Byte[64];// RNGCryptoServiceProvider is an implementation of// a random number generator.RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();// The array is now filled with random bytes.rng.GetBytes(secretkey);
Example code for generating a MAC using HMACMD5. //hashes work with bytes, need to converts text to bytes byte[] data = Encoding.Unicode.GetBytes(this.txtSend.Text);// Initialize the keyed hash object. HMACMD5 hmacMD5 = new HMACMD5(secretkey);byte[] macSender = hmacMD5.ComputeHash(data);
Example code to check whether a MAC is valid for the data.//hashes work with bytes, need to converts text to bytes byte[] data = Encoding.Unicode.GetBytes(this.txtRecieved.Text);// Initialize the keyed hash object. HMACMD5 hmacMD5 = new HMACMD5(secretkey);byte[] macReciever = hmacMD5.ComputeHash(data);bool tampered = false;// compare the computed hash with the stored valuefor (int i = 0; i < macReciever.Length; i++){ if (macReciever[i] != macSender[i]) { tampered = true; break; }}MessageBox.Show("Message has been tampered with: " + tampered);
Digital Signatures; as a means to verify the data source.
Digital signatures are an adaptation of MAC that provide the same advantages but with the added ability to verify the data’s source/sender. MACs only verify that the data never changed but they cannot be used to check that the data actually came from the person who claims to have sent it.
The only real difference in MAC and digital signatures is the key used to encrypt the hash. In MACs the key is a shared symmetric session key. In digital signature the keys used are public/private asymmetric keys.
Since the two keys of asymmetric encryption are mathematically related to each other one key can be used to verify that the encryption was done with the other key. With digital signatures the sender encrypts the hash using their private key while the receiver verifies the digital signature using the sender’s public key. Of course since the public key is more freely available then anyone can verify the message’s source.
So, for example, Bob wants to send Alice some data and Alice wants to be able to check the data was unchanged and came from Bob. Bob creates the hash and encrypts it into a digital signature using his private key. He sends the data and the digital signature over to Alice.
Alice uses Bob’s public key to verify that the digital signature was created using Bob’s corresponding private key. If everything checks out then Alice knows the message hasn’t been modified and that it came from Bob.
.NET provides DSA and XML Digital Signatures for creating digital signatures. XML Digital Signatures can be used to sign data in a variety of ways (enveloping, enveloped and detached) however I have not covered them here.
Example code of generating a digital signature:
First of all a hash is created from the data being sent. byte[] data = Encoding.Unicode.GetBytes(this.txtSend.Text);//sha1 crypto service, digital signatures are created from the hashSHA1 sha = new SHA1CryptoServiceProvider();byte[] hash = sha.ComputeHash(data);
This hash is then used to create the digital signature.//Create a new instance of DSACryptoServiceProvider.//DSA contains asymmetric public and private key informationDSACryptoServiceProvider DSA = new DSACryptoServiceProvider(); //TODO, load the sender private key into DSACryptoService here. //Create an DSASignatureFormatter object and pass it the //DSACryptoServiceProvider to transfer the key information.DSASignatureFormatter DSAFormatter = new DSASignatureFormatter(DSA); //Set the hash algorithm to SHA1.DSAFormatter.SetHashAlgorithm("SHA1"); //Create a signature from the hashbyte[] signature = DSAFormatter.CreateSignature(hash);
Example code of verifying a digital signature:
The hash of the received message must be generated.byte[] data = Encoding.Unicode.GetBytes(this.txtRecieved.Text);//sha1 crypto service, digital signatures are created from the hashSHA1 sha = new SHA1CryptoServiceProvider();byte[] hash = sha.ComputeHash(data);
The hash is then used with the public key to verify the signature.//Create an DSASignatureDeformatter object and pass it the //DSACryptoServiceProvider to transfer the key information.DSASignatureDeformatter DSADeformatter = new DSASignatureDeformatter(DSA); //Create a new instance of DSACryptoServiceProvider.//DSA contains asymmetric public and private key informationDSACryptoServiceProvider DSA = new DSACryptoServiceProvider(); //TODO, the sender public key into DSACryptoService here. //get the signature sent with the messagebyte[] signature = GetMessageDigitalSignature(); //Verify the hash and the signatureif (DSADeformatter.VerifySignature(hash, signature)){ MessageBox.Show("The signature was verified.");}else{ MessageBox.Show("The signature was not verified.");}
Summary
Hashes on there own are a great way to determine if data has been modified either since it was last saved or sent. The data and hash are both sent/saved together. To verify the hash matches the data a new hash is created from the data and if the two hash values match then the data hasn’t changed.
Hashes on their own are open to man in the middle attacks where a malicious person intercepts the data modifies its meaning and generates a new hash for the modified message. Checking the hash will still result in verification even though the data has been changed.
MAC can be used to prevent this by encrypting the hash using a shared symmetric session key. Both parties using the data need to have the same session key for this to work. To check the MAC the sender sends the message along with a encrypted hash code, the receiver generates their own encrypted hash code for the message using the same session key. If both encrypted hashes are the same then the message is verified. This work well but to verify that the data is unchanged and came from the correct source digital signatures are used.
Digital signatures are like MACs but instead of the hash code being encrypted with a shared symmetric key a public/private asymmetric key is used instead. With digital signatures the hash code is signed by the private key and verified with the public key.
Let�s say Alice and Bob decide to sign digitally, a contract between them which is highly confidential. Here�s the protocol they can use to digitally sign the contact:
Alice and Bob each get a copy of the file containing the contract.
Bob prepares a message and computes the hash of it and encrypts the hash value with his private key called Signature Block.
Then he encrypts the message with Alice's Public Key.
He sends two files to Alice: encrypted hash and message.
Upon receiving, Alice decrypts hash value with Bob's public key.
Then she decrypts message with her private key.
She then computes the hash of this message.
Finally, she compares the two hash values. If they are same, the signature is �good�, otherwise bad.
If Bob wants to cheat Alice, he has a big problem. Since Alice knows his RSA public key because she made it well private. Therefore, the entire encrypted message serves as a �digital signature�. So the message is authenticated both in terms of source and in terms of data integrity.
What is Hash?
Hashes are known as One way functions, that is their mathematical property of non reversibility. Further more, they are also known as Message digest functions because message is reduced or digest to a fixed-length number that is smaller than the message. Hashes are the actual sum of ASCII values of all letters of message, and no matter how long the input data is, the hash is always the same number of bits.
.NET provides us with following Hash algorithms:
MD5CryptoServiceProvider (Message digest 5)
SHA1CryptoServiceProvider (Secure hash algorithm with key size 160-bits)
SHA256Managed (Secure hash algorithm with key size 256-bits)
SHA384Managed (Secure hash algorithm with key size 384-bits)
SHA512Managed (Secure hash algorithm with key size 512-bits)
HMACSHA1 (Hash-based Message Authentication Code using the SHA1 hash function)
MACTripleDES (Message Authentication Code using the TripleDES for the input data)
Also, .NET provides us with following Digital Signature Algorithms:
DSACryptoServiceProvider (Digital Signature Algorithm)
RSACryptoServiceProvider (Rivest, Shamir and Adlemen)
We will use RSA algorithm since it can be used not only for digital signatures, but for also encryption and decryption. It is tiny but a bit faster than DSA algorithm which can only be used for digital signing, issued by NIST (National Institute of Standards and Technology).
Let us implement this concept in .NET framework 1.1.
Implementation
Start a new Windows Application project and assign a name �digital signing� and do the following�:
Add a new form names FORM1 with controls on it as: (Interface should be like the form as shown below: for more clarity, download code)
GroupBox named Bob (sender) with following controls on it:
Label control, three TextBoxes for output.
A Button named Button1 with Text property as �&Encrypt Plaintext using Receiver's (Alice) Public Key�.
A Button named Button1 with Text property as �Generate &Signature Block using Sender's (Bob) Private Key�.
GroupBox named Alice (receiver) with following controls on it:
A TextBox control for output.
A Button named Button3 with Text property as �Verify Signature block using sender's (Bob) Public Key�.
A Button named Button4 with Text property as �&Decrypt plaintext using receiver (Alice) private key�.
A Button named Button5 which is the Exit button.
Form1
That�s all for the interface. Now, it's time for coding. Let�s start it:
Code listing for �Form1�:
Collapse Copy CodeImports System.Text Public Class Form1 �Main interface form Inherits System.Windows.Forms.Form Private Sub Button3_Click(ByVal sender As System.Object, _ ByVal e As System.EventArgs) Handles Button3.Click 'Verify the signature is authentic using 'the sender's public key(decrypt Signature block) If myReceiver.VerifyHash(mySender.PublicParameters, _ encrypted, signature) Then MsgBox("Signature Valid", MsgBoxStyle.Information) Button4.Enabled = True Else MsgBox("Invalid Signature", MsgBoxStyle.Exclamation) Button4.Enabled = False End If End Sub Private Sub Button1_Click_1(ByVal sender As System.Object, _ ByVal e As System.EventArgs) Handles Button1.Click If Me.TxtPlainText.Text = "" Then MsgBox("Please enter a string to sign", MsgBoxStyle.Information) Exit Sub End If 'Convert the data string to a byte array. toEncrypt = enc.GetBytes(TxtPlainText.Text) 'Encrypt data using receiver's public key. encrypted = mySender.EncryptData(myReceiver.PublicParameters, toEncrypt) 'convert to base64/Radix output TextBox1.Text = Convert.ToBase64String(encrypted) Me.Button2.Enabled = True End Sub Private Sub Button2_Click_1(ByVal sender As System.Object, _ ByVal e As System.EventArgs) Handles Button2.Click 'Hash the encrypted data and generate a signature block on the hash ' using the sender's private key. (Signature Block) signature = mySender.HashAndSign(encrypted) 'convert to base64/Radix output TextBox2.Text = Convert.ToBase64String(encrypted) Me.Button3.Enabled = True End Sub Private Sub Button4_Click(ByVal sender As System.Object, _ ByVal e As System.EventArgs) Handles Button4.Click TextBox3.Text = myReceiver.DecryptData(encrypted) End Sub Private Sub Form1_Load(ByVal sender As System.Object, _ ByVal e As System.EventArgs) Handles MyBase.Load Button2.Enabled = False Button3.Enabled = False Button4.Enabled = False End Sub Private Sub Button5_Click(ByVal sender As System.Object, _ ByVal e As System.EventArgs) Handles Button5.Click myReceiver = Nothing mySender = Nothing End End Sub End Class
Now, do the following:
Add a Class to project and name it �Bob� which plays a role of sender.
Add another Class and name it �Alice� which plays a role of receiver.
Add a Module named �Global� for global declarations of variables.
Code listing for Class �Bob�:
Collapse Copy CodeImports System.Security.CryptographyImports System.Text Public Class Bob '======================================================= �Bob Sender is who want to exchange and prepares a encrypted message '======================================================= Private rsaPubParams As RSAParameters 'stores public key Private rsaPrivateParams As RSAParameters 'stores private key Public Sub New() 'create new instance of RSACryptoServiceProvider Dim rsaCSP As New RSACryptoServiceProvider 'Generate public and private key data and allowing their exporting. 'True to include private parameters; otherwise, false rsaPrivateParams = rsaCSP.ExportParameters(True) rsaPubParams = rsaCSP.ExportParameters(False) End Sub 'New Public ReadOnly Property PublicParameters() As RSAParameters Get 'just return public key Return rsaPubParams End Get End Property 'Manually performs hash and then signs hashed value. Public Function HashAndSign(ByVal encrypted() As Byte) As Byte() 'create new instance of RSACryptoServiceProvider Dim rsaCSP As New RSACryptoServiceProvider 'create new instance of SHA1 hash algorithm to compute hash Dim hash As New SHA1Managed 'a byte array to store hash value Dim hashedData() As Byte 'import private key params into instance of RSACryptoServiceProvider rsaCSP.ImportParameters(rsaPrivateParams) 'compute hash with algorithm specified as here we have SHA! hashedData = hash.ComputeHash(encrypted) ' Sign Data using private key and OID is simple name ' of the algorithm for which to get the object identifier (OID) Return rsaCSP.SignHash(hashedData, CryptoConfig.MapNameToOID("SHA1")) End Function 'HashAndSign 'Encrypts using only the public key data. Public Function EncryptData(ByVal rsaParams As RSAParameters, _ ByVal toEncrypt() As Byte) As Byte() 'create new instance of RSACryptoServiceProvider Dim rsaCSP As New RSACryptoServiceProvider ''import private key params into instance of RSACryptoServiceProvider rsaCSP.ImportParameters(rsaParams) 'true to use OAEP padding PKCS#1 v2 (only available on Windows XP or later) ' otherwise, false to use Direct Encryption using PKCS#1 v1.5 padding Return rsaCSP.Encrypt(toEncrypt, False) End Function 'EncryptData End Class 'Bob
Code listing for Class �Alice�:
Collapse Copy CodeImports System.Security.CryptographyImports System.TextPublic Class Alice '========================================= ' Alice is Receiver who will decrypt data from sender '======================================== Private rsaPubParams As RSAParameters ' stores public key Private rsaPrivateParams As RSAParameters 'stores private key Public Sub New() 'create new instance of RSACryptoServiceProvider Dim rsaCSP As New RSACryptoServiceProvider 'Generate public and private key data and allowing their exporting. 'True to include private parameters; otherwise, false rsaPrivateParams = rsaCSP.ExportParameters(True) rsaPubParams = rsaCSP.ExportParameters(False) End Sub 'New Public ReadOnly Property PublicParameters() As RSAParameters Get 'Just return public key Return rsaPubParams End Get End Property 'Manually performs hash and then verifies hashed value. Public Function VerifyHash(ByVal rsaParams As RSAParameters, _ ByVal signedData() As Byte, _ ByVal signature() As Byte) As Boolean 'create new instance of RSACryptoServiceProvider Dim rsaCSP As New RSACryptoServiceProvider 'create new instance of SHA1 hash algorithm to compute hash Dim hash As New SHA1Managed 'a byte array to store hash value Dim hashedData() As Byte 'import public key params into instance of RSACryptoServiceProvider rsaCSP.ImportParameters(rsaParams) 'compute hash with algorithm specified as here we have SHA1 hashedData = hash.ComputeHash(signedData) ' Sign Data using public key and OID is simple name ' of the algorithm for which to get the object identifier (OID) Return rsaCSP.VerifyHash(hashedData, _ CryptoConfig.MapNameToOID("SHA1"), signature) End Function 'VerifyHash 'Decrypt using the private key data. Public Function DecryptData(ByVal encrypted() As Byte) As String 'a byte array to store decrypted bytes Dim fromEncrypt() As Byte ' holds orignal message Dim roundTrip As String 'create new instance of RSACryptoServiceProvider Dim rsaCSP As New RSACryptoServiceProvider 'import private key params into instance of RSACryptoServiceProvider rsaCSP.ImportParameters(rsaPrivateParams) 'store decrypted data into byte array fromEncrypt = rsaCSP.Decrypt(encrypted, False) 'convert bytes to string roundTrip = enc.GetString(fromEncrypt) Return roundTrip End Function 'DecryptData End Class � Alice
Code listing for Module �Global�:
Collapse Copy CodeImports System.TextModule Global 'Hold message in bytes Public toEncrypt() As Byte 'holds encrypted data Public encrypted() As Byte 'holds signatures Public signature() As Byte 'instance of class Bob Public mySender As New Bob 'instance of class Alice Public myReceiver As New Alice 'new instance of Unicode8 instance Public enc As New UTF8EncodingEnd Module
ISHIKA TECHNOLOGIES PVT. LTD.Licensed Registration Authority (LRA), of mtnlTrustLine for distribution of Digital Signature Certificate all over India.
Digital Signature Certificates (Class 2 Individual) for MCA21/ ROC / INCOME TAX E-FILLING valid for 2 years @ Rs. 800/- only (including charges for Processing, Support / Services / Courier etc.) Limited time offer! USB e-token available at extra cost @ Rs. 400/- (all inclusive).Full payment to be made either in cash or DD/cheque favoring “ISHIKA TECHNOLOGIES PRIVATE LIMITED ” payable at Kolkata.
Rs. 800/- all inclusive for DSC - Class 2 (2yr) without e-tokenRs. 1,200/- all inclusive for DSC - Class 2 (2yr) with e-token
Tata Consultancy Services Digital Signature Certificate
Get TCS DSC Class 2 Individual Certificate valid for 2 years with e-token together @ Rs.1999/-only.
Get DSC Renewal for 2 Years @ Rs 999/- Only.
For More Details Contact Now!!!Vinod: 9836384222/Kiran: 25301072/Ashish: 9830084221
Get or create your own digital signature
http://office.microsoft.com/en-us/help/HA100997641033.aspx
This article explains why you need a digital signature (or digital ID) to digitally sign a Microsoft Office document and how you can get one.
What is a digital signature?
A digital signature or ID is more commonly known as a digital certificate (certificate: A digital means of proving identity and authenticity. Certificates are issued by a certification authority, and like a driver's license, can expire or be revoked.). To digitally sign an Office document, you must have a current (not expired) digital certificate. Digital certificates are typically issued by a certificate authority (CA) (certificate authority (CA): A commercial organization that issues digital certificates, keeps track of who is assigned to a certificate, signs certificates to verify their validity, and tracks which certificates are revoked or expired.), which is a trusted (trust: Indicates whether you trust the individual or group to whom the certificate is issued. The default setting is Inherit Trust from Issuer, which means that the certificate is trusted because the issuer, usually a certificate authority, is trusted.) third-party entity that issues digital certificates for use by other parties. There are many commercial third-party certificate authorities from which you can either purchase a digital certificate or obtain a free digital certificate. Many institutions, governments, and corporations can also issue their own certificates.
A digital certificate is necessary for a digital signature because it provides the public key (public key: The nonsecret half of a cryptographic key pair that is used with a public key algorithm. Public keys are typically used when verifying a digital signature or when encrypting data that can be decrypted with the corresponding private key.) that can be used to validate the private key (private key: The secret half of a cryptographic key pair that is used with a public key algorithm. Private keys are typically used when digitally signing data or decrypting data that has been encrypted with the corresponding public key.) that is associated with a digital signature. Digital certificates make it possible for digital signatures to be used as a way to authenticate (authenticate: The process of verifying that people and products are who and what they claim to be. For example, confirming the source and integrity of a software publisher's code by verifying the digital signature used to sign the code.) digital information.
Top of Page
How can I get my own digital signature?
If you try to digitally sign an Office document without a digital certificate, the Get a Digital ID dialog box appears, and you are asked to select how you want to get your own digital signature.
You have two options for getting a digital signature:
Get a digital signature from a Microsoft partner
Create your own digital signature
To learn more about each option, see the following sections.
Get a digital signature from a Microsoft partner
If you select the option Get a digital ID from a Microsoft partner in the Get a Digital ID dialog box, you are redirected to the Microsoft Office Marketplace, where you can purchase a digital certificate from one of the third-party certificate authorities (CAs) with an Office Marketplace listing.
If you plan to exchange digitally signed documents with other people, and you want the recipients of your documents to be able to verify the authenticity of your digital signature, it is a good idea to obtain a digital certificate from a reputable third-party certificate authority (CA).
Create your own digital signature
If you do not want to purchase a digital certificate from a third-party certificate authority, or if you want to digitally sign your document immediately, you can create your own digital certificate by selecting the Create your own digital ID option in the Get a Digital ID dialog box.
To create your own digital certificate
1. In the Get a Digital ID dialog box, select Create your own digital ID.
Important The Get a Digital ID dialog box appears only if you attempt to digitally sign a document without a digital certificate.
2. In the Create a Digital ID dialog box, type the following information to include in your digital signature:
§ In the Name box, type your name.
§ In the E-mail address box, type your e-mail address.
§ In the Organization box, type the name of your organization or company.
§ In the Location box, type your geographic location.
3. Click Create.
Note If you digitally sign a document by using a digital certificate that you created, and then you share the digitally signed file, other people cannot verify the authenticity of your digital signature. Your digital signature can be authenticated only on the computer on which you created the digital signature.
http://encyclopedia2.thefreedictionary.com/digital%20certificate
