A digital signature is similar to a regular signature on a printed document. It is created using cryptographic algorithms. A digital signature confirms the authenticity and integrity of the signed object.
For a document to become legally binding it must be signed. Paper documents are signed by one’s own hand and for digital documents an electronic or digital signature is used – unique digital information in the form of a combination of characters. From this information you can find out exactly who and when signed the document. Thus, digital signatures are an official legally approved analogue of handwritten signatures, which are used to sign digital documents and certify paper documents converted into digital format.
Technically a digital signature certificate is obviously different from a handwritten signature, but it serves the same purpose to identify the signer. Such a signature is created using special software tools, it is always unique and cannot be faked. When a digital document is signed, changes or additions are no longer available, therefore the document cannot be faked – you can only create a new one.
While the paper document can be easily lost, a digitally signed document is fully protected from any malicious actions and can have any number of backup copies. The emergence of digital signature technology led to the appearance of the first systems of legally significant electronic document management. Taxpaying enterprises were able to submit reports assured with a digital signature to the tax authorities via the Internet. .Bank-Client systems have also become very popular. Various organizations are currently using such systems to make electronic money transfers where payment orders are signed with digital signatures. All recorded transactions are stored in a database to keep a track of every money movement.
Enterprises maintain a full-fledged digital legally significant document flow between themselves or regulatory authorities. The digital signature technology has freed everyone from the obligation to maintain paper documents, thus the business has new opportunities to develop in various, even the most remote, regions.
The definition of uniform requirements for a digital signature was the first important step towards creating a single unified information space in which the forms and formats of documents, requirements, roles, powers, responsibilities – all participants in the interaction, including the information systems themselves – would be clearly defined.
Digital signatures are an advanced form of electronic signatures with enhanced security features. These features ensure the authenticity of the signer and the fact that the document has not been tampered with. When the document is signed by the ES a certificate is generated issued by the official certification authority – CA. This certificate is unique for each signer and can be used to verify it. There are other security features available depending on which e-signature solution you choose.
Both digital and electronic signatures are legally binding, but digital signatures are more secure. The decision which kind of signature to use depends on the type of documents you need to sign and on the country in which you sign them.
Different countries have different criteria regarding the level of security required for different types of legal documents and agreements. For example, it may turn out that an employment contract is suitable for an electronic signature, while a lease agreement requires a digital signature.
There are three types of digital signing based on electronic identity and eIDAS -electronic IDentification, Authentication and trust Services:
Simple or Basic electronic signature, BES – these are types of electronic signatures confirming the acceptance or approval of the agreement’s signer. Verification of the identity of the signatory in such a signature is not required. No special software is required either. An example of such a signature is a license agreement acceptance.
Advanced electronic or digital signature, AdES – The signature must meet specific requirements that provide a higher verification level of the signer’s identity, improved security and protection against unauthorized access. The identity of the signatory is verified but not guaranteed. Multi-factor authentication is optional. It usually requires a special device to create a secure signature. Biometrics is an example of such a signature.
Qualified advanced electronic or digital signature, QES – advanced electronic signature technology with a digital certificate encrypted by a secure signature device. It has a special legal status in the EU and has the highest levels of security. It guarantees a100% identification of the signatory. An initial personal verification of the signatory with a multi-factor authentication is mandatory.. A Qualified Signature Creation Device (QSCD) or a Qualified Trust Service Provider (QTSP) is required. The burden of proving the validity of a signature lies with the party contesting the signature. Examples of suchsignatures are smart cards and USB tokens that provide the signer’s private key security and store the personal digital certificate.
The digital signatures provide the user with irrefutable information about the signature creator and the authenticity of the signed content. In other words, it proves:
Digital signatures are a key component of various types of PKI digital certificates. They work on the principle of the asymmetric cryptography. That is when the document is encrypted with the private key and decrypted with the public key.
The process of a digital signature when signing a document is carried out in several stages:
Since the certificates issued by the certification center are also signed using electronic signatures, it is impossible to replace or fake the certificate. On the site of the certification center, as a rule, you can download the public verification key, the hash of which must match the hash of the owner’s public key -this proves its authenticity.
The use of large volumes of different digital signature transactions pursues the following goals in the electronic economy:
The properties of digital signatures mentioned above make them invaluable in the modern digital economy. The digital signatures are used in the following areas among many others:
PGP (Pretty Good Privacy) and PKI (Public key infrastructure). Confirmation of identity or message – the main purpose of these systems – is implemented using a bundle of digital certificates: digital signature, public and private keys. This is common for both systems. The main feature of PKI methodology, unlike PGP, is the presence of components known as a Certificate Authorities (CA) and a Registration Authorities (RA). Thanks to them, it is possible to confirm the authenticity of the identity by third-party authorized organizations.
The presence of CAs and RAs has led to the fact that in the PKI system the dominant direction of authentication is the vertical or hierarchical component when the certificate is confirmed by someone with a higher status. On the other hand, the PGP system has a predominantly horizontal hierarchy structure , or in other words, the “direct trust” scheme. Although, in both systems both vertical and horizontal authentication is possible. Figuratively, one can imagine that in PKI trust is distributed in the form of a tree, and in PGP – in the form of a network.
Any digital signing process, to one degree or another, is in line with the general algorithm:
First, we need too get hash from file that we want to sign. This value will be unique and fixed-length string, that is added to the document information. It is important, that if we try to get hash value from this file again, we will get the same value. But we can not get the file from the hash or get the same hash from another file.
Once we get an encrypted hash value using the encryption key of the document’s digital certificate, we have created a digital signature. For greater reliability, you can also insert the exact date and time the signature was created into it.
We send the recipient our public encryption key and certificate along with a file and its digital signature. The recipient will need to use public key of a signee to create a hash value of the received document and compare it with the hash value in the digital signature. This will let the recipient know if the file is genuine and has not been changed since it was signed. If the file has been modified its hash value will also change and won’t match the one in the signature.
Digital signature technology is a key component of modern cybersecurity systems. From company electronic document flow to online banking, everyone is relying on digital signatures as a means to enforce the security of a digital workflow. Therefore, it is extremely important to properly create systems that use digital signatures and guarantee private keys security. Helenix is a company with a long history in data protection and cryptography. Our expertise will help you implement digital signatures in a secure and convenient way. You can get acquainted with the authentication solutions in the Custom Development section.
A digital signature is similar to a regular signature on a printed document. It can be created for any digital document using cryptographic methods. A digital signature confirms the authenticity and integrity of the signed object.
Digital signature allows you to perform all signing operations remotely and from any device. Organizations are moving to digital signature software solutions to reduce paper usage, cut costs and improve business process efficiency and security.
Public Key Infrastructure PKI is a set of measures and policies that enables to deploy and manage public key cryptography and digital certificates. In addition to being a key store for your browser to secure the personal Internet connections, PKI also provides protection for various infrastructures, including internal communication within organizations, the Internet of Things and so on.
The CA is implemented as a trusted component of the global directory service and is responsible for managing users’ cryptographic pairs of keys. Public keys and other information about users are stored by Certification Authorities in the form of digital certificates.
A digital certificate is an electronic or printed document issued by a Certification Authority that confirms the ownership of a public key and any additional attributes by the owner.