It is a cryptographic instrument that grants the recipient of a signed document the power to recognize the issuer of the same, as well as having the conviction of the sole control of the signer on the use of signature creation data and reaffirm that the document has not been altered since it was signed.
This is why its operation is based on certain public key systems, using codes to send the document. These keys are usually keys that prevent access to third parties, and this is why they are for private use. In this case, the sender’s and the second is public, which is delivered to the receiver to allow access to the document.
What signatory data does a digital signature contain?
It is information that is in electronic format and is not visible in the digital signature as it would be in a traditional handwritten one. Therefore, the cryptographic data and the public key are encoded in a specific format and are processed by specialized security software to verify the authenticity of the signature. In general, it contains the following data of the signatory:
- Signatory ID: may include the name of the person signing, their email address, ID number or any other information that helps to recognize it in a unique way.
- public key: The digital signature is based on key cryptography, where the signer has a pair of keys, one private and one public. So that by having them they can be used to check the authenticity of the signature.
- Cryptographic signature: it includes a set of cryptographic data generated using the signer private key. That information is created from the content of the document or message being signed, where its integrity is guaranteed.
- Timestamp: in some cases, it may also include a sign indicating the exact time the signature was made. This is useful to verify the temporary validity of the same and ensure that it has not been altered later.
What is the digital signature for?
The digital signature has several purposes and Significant security benefits and veracity in digital environments. Furthermore, it is a crucial tool to obtain authenticity and integrity in electronic documents. Some of its uses are:
- Identity authentication: It is one that allows the verification of the signatory of a document or electronic message. By using cryptographic techniques, it ensures that the grantor is who they say they are and has not been forged.
- Content Integrity: protects the correctness of the subject of a document or message. This is why when a signature is generated, a calculation is executed using the contents of the file, allowing detect any modification or subsequent alteration. If the subject is changed after signing, the signature verification will not be successful.
- Non-repudiation: provides a form of non-repudiation, which means that the signatory cannot deny having made the signature. Being based on public key cryptography, only the holder of the corresponding private key can generate a valid signaturewhich prevents the signer from denying his authorship.
- Security in transactions: Generally, this mechanism is used in agreements that are made via the Internet privately, such as contracts, legal agreements, transfers of funds and other important documents. The presence of this signature provides an additional level of trust and security in transactions, since it guarantees the authenticity of the participants and the integrity of the documents involved.
- Legal and regulatory compliance: in many countries it is legally recognized, in such a way that it is considered equivalent to a traditional handwritten signature. As long as you comply with the authentication and evidence requirements necessary in various regulatory contexts, which facilitates the adoption of digital processes and procedures.
How does the digital signature work on a document?
First, the signer generates a private key that is not shared with anyone and a public one that is widely distributed. However, before a document is signed, a digest (hash) unique to its content using a cryptographic function, such as SHA-256. the same is an exclusive digital rendering and fixed of the document.
When the private key is used, the signer performs a cryptographic operation in its summary. This operation creates a unique digital signature for the private key. It is then attached to the original document, either directly in the file or stored in a separate file along with the letter.
However, signature must be verified and for this it can be done by anyone with the public key of the signer. This process involves a cryptographic operation similar to the one performed by the signatory, but this time using the public key and the digital signature attached to the document.
Thus, during verification a new summary of the content is calculated of the document. It is then compared with the one retrieved from the digital signature using the public key. If the summaries are the same, the integrity of the summaries and the authenticity of the signer are guaranteed.
If the digital signature is valid and the digest matches, the document is considered unchanged since it was signed, and the identity of the signatory can be trusted. If it is not valid or the summaries do not match, it indicates that the document has not been altered.
Keep in mind that the process may include additional elements, such as the use of digital certificates issued by trusted certification authoritiesas this helps establish trust in the signer’s public key.
What is the difference between electronic signature and digital signature according to the law?
The difference between the two varies depending on country and legislation to apply. However, broadly speaking, some general differences can be established:
On the one hand, the electronic signature is a broader term that encompasses any method or technique used to show a person’s consent or approval in electronic form. Typically, there are several types of signatures, such as a scanned image, a signature written with a touch device, an electronic signature based on biometrics (fingerprint), or even a click on a button or check box. This is why the laws of each country usually establish specific requirements and conditions for an electronic signature to be legally valid and binding.
However, it is a specific type of electronic signature that meets additional security and cryptographic requirements. Besides, uses algorithms that serve to guarantee the authenticity of the signer and the integrity of the document. In general, it provides a higher level of security and trust compared to other forms of electronic signatures.
The distinction between them is important because, in many countries, it is possible to have a special legal status and is often given greater validity and recognition than other forms of electronic signatures. Therefore, the legal system has the power to require that documents use digital signatures. However, it is relevant consult the legislation applicable in each country so that in this way you can understand the differences and specific requirements related to electronic signatures and digital signatures.
Validity and legal nature
The validity and legal nature may vary depending on the country and the law that applies. However, in many nations in Europe, North America and Latin America, the digital signature is considered legal and valid. Therefore, it has a binding legal nature similar to that of a traditional manuscript.
However, in several jurisdictions it is established that this type of signature has the same legal validity as a handwritten one. This means that digitally signed writings are admissible in court and they have the same probative value than traditionally signed documents.
Although the digital signature is widely recognized, there may be specific parameters that must be met in order for it to be legally valid. These requirements may be the use of certificates issued by trusted authorities, the compliance with cryptographic standards and adherence to signature procedures established by law.
What is the digital certificate?
It is an electronic document issued by a certification authority, which binds the identity of an entity, either natural person or companies, with their public key. It provides a secure way to verify the authenticity of the key associated with a digital signature.
This certificate plays a crucial role in the public key infrastructure (PKIfor its acronym in English), which is the set of technologies and standards that allow the secure management of public keys and the verification of the authenticity of digital signatures.
When checking a digital certificate, the c is usedagency password certificate to verify the digital signature. If it is valid and its authority is trusted, the identity of the holder of the certificate and the integrity of the associated key can be trusted.
The digital certificate contains important information, such as:
- Information of the identity of the person or organization.
- Contains the public key corresponding to the private key used to generate digital signatures.
- Includes information about the certification authority (AC). This makes it possible to verify the trust and validity of the certificate, since the CAs are reliable entities that prove the identity of the registry holders.
- To ensure the integrity of the certificate, it is necessary for the certificate authority to sign it using your own private key.