The digital signature cryptographically binds an electronic identity to a digital document using mathematical techniques. It aims at providing the highest level of assurance of the signer’s identity.<\/p>\n\n\n\n\n
The ultimate goal of digital signatures is to ensure three main aspects:<\/p>\n\n\n\n
- \n
- Authentication:<\/strong> the content was created by a known sender. Meaning that the person who created the content is the one who is represented in the signature.<\/li>\n\n\n\n
- Integrity:<\/strong> the content was not changed or altered during transmission. Meaning that it is exactly how it was when signed by the signer.<\/li>\n\n\n\n
- Non-repudiation<\/strong>: the entity who signed the content can’t deny, later, the ownership or validity of the signed content.<\/li>\n<\/ol>\n\n\n\n
2. Digital Signature vs Handwritten Signature<\/h2>\n\n\n\n
Theoretically, digital signatures are equivalent to traditional handwritten signatures. Yet, they are modern alternatives to signing documents with paper and pen. <\/p>\n\n\n
\n![\"Digital](\"https:\/\/technocript.com\/wp-content\/uploads\/2020\/11\/DigitalSignature_SignHere.jpg\")
<\/figure>\n<\/div>\n\n\n<\/div>\n\n\n\nOne of the main differences between them is the security and reliability levels provided by the digital form.<\/p>\n\n\n\n
However, due to the encryption methodology behind digital signatures, they can’t be copied to other documents. On the other side, handwritten signatures could be easily replicated between documents. Either by digitally copying the signature image or by manually imitating it on other documents.<\/p>\n\n\n\n
Additionally, traditional signatures usually exist only on the first\/last page of the document. Making it fairly easy for other pages to be replaced after the signature is applied. Nevertheless, digital signatures are applied to the entire document. Being able to indicate the tampering or modification of any part of the document content.<\/p>\n\n\n\n
3. Digital Signature vs Electronic Signature <\/h2>\n\n\n\n
Electronic signatures<\/a> (or e-signatures) and digital signatures are often used interchangeably, but each one refers to a distinct and relatively different term.<\/p>\n\n\n\n\n
<\/div>\n\n\n\n\nBroadly speaking, e-signatures are the wide umbrella that covers the digital form of handwritten signatures. More specifically, an electronic signature is a legal concept that aims at capturing a person\u2019s intent to be legally bound to an agreement or contract. Thus, the broader term of e-signatures often includes digital signatures.<\/p>\n\n\n\n
On the other hand, a digital signature is a specific technique used to implement electronic signatures. It refers to encryption\/decryption technology based on public-key cryptography<\/a>. Thus, a digital signature itself is not an e-signature, it needs to be validated by an e-signing application to secure the e-signed documents.<\/p>\n\n\n\n
4. The Idea of Digital Signatures<\/h2>\n\n\n\n
The main prenciple behind digital signatures is the usage of a pair of keys called: Public Key and Private Key.<\/p>\n\n\n\n
4.1. Public Key Infrastructure<\/h3>\n\n\n\n
Digital signatures employ a set of standards called Public Key Infrastructure (PKI)<\/a>. This means each digital signature transaction combines two keys (two pieces of code): a public key and a private key. <\/p>\n\n\n\n\n
<\/div>\n\n\n\n\nAs its name indicates, the private key must remain private and confidential. It should not be shared with others and is only used to sign the document. <\/p>\n\n\n\n
On the other hand, the public key is not confidential and can be shared with all those who need to validate the signature.<\/p>\n\n\n\n
4.2. How Do Digital Signatures Work?<\/h3>\n\n\n\n
Using the key pairs, digital signatures prove that the digital content was not modified since it was signed. <\/p>\n\n\n\n
To do so, the sender generates a unique hash<\/span> of the message or document. This hash is distinctive and tightly related to the content. Changing any part of the content will definitely change the hash. Then, the sender encrypts the generated hash using the sender\u2019s private key.<\/p>\n\n\n
\n![\"Technocript.com](\"https:\/\/technocript.com\/wp-content\/uploads\/2020\/04\/LogoHappy.png\")
<\/figure>\n<\/div>\n\n\nAfterward, the signed content is sent to the recipient, along with the encrypted hash. <\/p>\n\n\n\n
Once received, the recipient re-generates the content hash and decrypts the sender\u2019s hash using the sender\u2019s public key. Then, original and re-generated hash values are compared. If they match, the content was not modified and the sender is authenticated.<\/p>\n\n\n\n
5. Digital Signature Process<\/h2>\n\n\n\n
As mentioned before, the digital signature process depends on hashing and encryption mechanisms. Where a pair of public and private keys are used. <\/p>\n\n\n\n\n
<\/div>\n\n\n\n\nTo clearly explain this mechanism, we describe the individual steps of the entire process.<\/p>\n\n\n\n
Let’s consider this scenario: a sender (S) is sending a document (DOC) to a recipient (R):<\/p>\n\n\n\n
5.1. Sender Side:<\/h3>\n\n\n\n
- \n
- Keys Generation:<\/strong> a key generation algorithm randomly generates two unique keys for the sender. A public key (PBK) and a private key (PVK).<\/li>\n\n\n\n
- Sender Hash Generation:<\/strong> a unique hash (HSH) is generated for the document (DOC). Any modification to the content will modify the hash.<\/li>\n\n\n\n
- Hash Encryption:<\/strong> the generated hash (HSH) is encrypted using the sender’s private key (PVK). The resulting hash is (EHSH).<\/li>\n\n\n\n
- Appending:<\/strong> the encrypted hash (EHSH) and sender’s public key (PBK) are appended to the document (DOC).<\/li>\n\n\n\n
- Sending:<\/strong> the message is sent to the recipient (R), which contains the sender’s document (DOC), sender’s encrypted hash (EHSH), and sender’s public key (PBK).<\/li>\n<\/ol>\n\n\n\n
\n
At this stage, the document hash which was generated and then encrypted using the sender’s private key is called the document’s digital signature.<\/p>\n<\/blockquote>\n\n\n\n
The following figure describes the digital signature steps on the sender side.<\/p>\n\n\n
\n![\"Digital](\"https:\/\/technocript.com\/wp-content\/uploads\/2020\/11\/DigitalSignatureProcess_SenderSide.jpg\")
Digital Signature – Sender Side<\/figcaption><\/figure>\n<\/div>\n\n\n\n <\/div>\n\n\n\n\n5.2. Recipient Side:<\/h3>\n\n\n\n
- \n
- Receiving:<\/strong> the recipient (R) receives the message with its three elements, assuming no modifications were made to any of them.<\/li>\n\n\n\n
- Recipient Hash Generation:<\/strong> upon receiving the document (DOC), the recipient re-generates the document’s hash. The resulting hash is (HSH2).<\/li>\n\n\n\n
- Hash Decryption:<\/strong> using the sender’s public key (PBK), the recipient decrypts the received encrypted hash (EHSH). The resulting hash is (HSH).<\/li>\n\n\n\n
- Hash Comparison:<\/strong> the recipient’s re-generated hash (HSH2) and the sender’s decrypted hash (HSH) are compared to each other.<\/li>\n\n\n\n
- Authenticity Check:<\/strong> if the compared hashes match, the document (DOC) was not altered and it is accepted. Otherwise, modifications have been made to at least one of the three elements, and the entire message is rejected.<\/li>\n<\/ol>\n\n\n\n
The following figure describes the digital signature steps on the recipient side.<\/p>\n\n\n
\n![\"Digital](\"https:\/\/technocript.com\/wp-content\/uploads\/2020\/11\/DigitalSignatureProcess_RecipientSide.jpg\")
Digital Signature – Recipient Side<\/figcaption><\/figure>\n<\/div>\n\n\n\n <\/div>\n\n\n\n\n6. Is Digital Signature Legally Acceptable? <\/h2>\n\n\n\n
As mentioned before, the digital signature is an implementation of the legal concept of e-signatures. It produces a unique digital fingerprint for a person or entity and uses it to identify digital users and protect their information. <\/p>\n\n\n\n
Nowadays, e-signatures are widely accepted as a legal method for digitally signing documents. They are currently the safest and most accepted methods for the legal representation of a digital identity.<\/p>\n\n\n\n
Digital signatures are considered legal and hold the same position as traditional handwritten signatures in many regions. Nevertheless, we always recommend seeking independent professional advice to check if digital signatures are accepted, considering the region and context where they are being used.<\/p>\n\n\n\n
7. Digital Certificate vs<\/strong> Digital Signature<\/h2>\n\n\n\n
Digital certificates and digital signatures are closely related concepts being used interchangeably. From a technical perspective, digital certificates and digital signatures refer to different things. <\/p>\n\n\n\n\n
<\/div>\n\n\n\n\nThe digital signature uses a pair of keys to work. One of them is public and can be shared with any party which needs to validate the signature. Remember that digital signatures are also used to validate the identity of the message, not only if it has been altered on its way.<\/p>\n\n\n\n
In this context, the digital certificate<\/a> (also known as a public-key certificate or identity certificate) is a digital document being used to prove the ownership of the public key. <\/p>\n\n\n\n
Hence, once the message is received and successfully validated, the recipient uses the digital certificate to verify the identity of the sender.<\/p>\n\n\n\n
A digital certificate often contains:<\/p>\n\n\n\n
- \n
- Public Key Info:<\/strong> details about the public key.<\/li>\n\n\n\n
- Subject Name:<\/strong> details about the public key owner identity.<\/li>\n\n\n\n
- Issuer Name:<\/strong> the digital signature of the entity that has issued the certificate, also called Certified Authority (see the next paragraph).<\/li>\n\n\n\n
- Validity:<\/strong> details about issuance and expiration dates.<\/li>\n\n\n\n
- Other related information.<\/li>\n<\/ul>\n\n\n
\n![\"Digital](\"https:\/\/technocript.com\/wp-content\/uploads\/2020\/11\/DigitalCertificate_Wikipedia.jpg\")
Example of a Digital Certificate (source: Wikipedia<\/a>)<\/figcaption><\/figure>\n<\/div>\n\n\n 8. Certificate Authority (CA)<\/strong><\/h2>\n\n\n\n
For each digital signature transaction, a pair of public and private keys are used. Certificate Authority (CA)<\/a> is a trusted organization recognized for issuing and maintaining these keys.<\/p>\n\n\n\n\n
- Subject Name:<\/strong> details about the public key owner identity.<\/li>\n\n\n\n
- Recipient Hash Generation:<\/strong> upon receiving the document (DOC), the recipient re-generates the document’s hash. The resulting hash is (HSH2).<\/li>\n\n\n\n
- Sender Hash Generation:<\/strong> a unique hash (HSH) is generated for the document (DOC). Any modification to the content will modify the hash.<\/li>\n\n\n\n
- Integrity:<\/strong> the content was not changed or altered during transmission. Meaning that it is exactly how it was when signed by the signer.<\/li>\n\n\n\n