What Are Digital Signatures?
Enabled by proven public key infrastructure (PKI) technology, digital signatures are widely recognized as a best practice for providing digital verification of electronic transactions.
Digital signatures provide "non-repudiation" — the ability to identify the author and whether the document has been changed since it was digitally signed.
This functionality is particularly useful for workflow processes where one or multiple approvals are required, such as supply-chain management or financial management of forms like expense reports. Digital signatures provide confidence to customers, citizens and consumers that the material actually came from the originating organization.
Depending on organization requirements, Entrust can help with a variety of solutions for the implementation of digital signatures. Entrust Certificates for Adobe CDS enable the signing of Entrust Document Signing Certificates, while digital certificates from Entrust Managed Services PKI can sign a variety of formats, and include authentication and encryption functionality. Entrust also offers secure e-statement delivery via the Entelligence product portfolio.
We are all familiar with paper signatures – a hand-written signature on a paper document. Aside from legal and contractual issues, the primary properties of a paper signature are:
- it is intended to be associated with a particular individual;
- it generally shows a commitment related to a particular document, with the exact meaning depending on context.
Though far from perfect, paper signatures serve surprisingly well in many parts of the world as the basis for business and legal transactions. Societies have learned to use paper signatures in circumstances in which a physical marking on a paper document, augmented by sufficient controls and context, provides sufficient recallable evidence of a commitment related to that document by the marking party. The evidence is important in order to reconstruct circumstances, in the rare case of later disputes.
A digital signature is the term used for marking or signing an electronic document, by a process meant to be analogous to paper signatures, but which makes use of a technology known as public-key cryptography. Additional security properties are required of signatures in the electronic world. This is because the probability of disputes rises dramatically for electronic transactions without face-to-face meetings, and in the presence of potentially undetectable modifications to electronic documents. Digital signatures address both of these concerns, and offer far more inherent security than paper signatures. Compared to all other forms of signatures, digital signatures are by far the most easily verified and the most reliable with respect to providing document integrity.
Comparison of Paper and Digital Signature Properties
|Property||Paper Signatures||Digital Signatures|
|Can be applied to electronic documents and transactions||No||Yes|
|Signature verification can be automated||No||Yes|
|Signature automatically detects alterations to the document||No||Yes|
|Can be used to signify a commitment to a contract or document||Yes||Yes|
|Can be augmented by use of a witness to the signature process||Yes||Yes|
|Recognized by legislation||Yes||Yes|
A digital signature can be thought of as a numerical value, represented as a sequence of characters, and computed using a mathematical formula. The formula depends on two inputs: the sequence of characters representing the electronic data to be signed, and a secret number referred to as a signature private key, associated with the signing party and which only that party has access to. (A matching public key, which can be published for everyone to see like a phone number in a phone directory, allows signature verification.) The resulting computed value, representing the digital signature, is then attached to the electronic data just as a paper signature becomes part of a paper document.
This has two critical results:
- The digital signature can be uniquely associated with the exact document signed, because the first input is the precise sequence of characters representing that data.
- The signature can be uniquely associated with the signing individual, because the second input is the private key that only that individual controls.
Verifying the authenticity of a digital signature also relies on a formula. Here the formula depends on three inputs: the sequence of characters representing the supposedly originally signed electronic data, the public key of the signing party, and the value representing the supposedly authentic digital signature. The formula produces as output a simple answer: yes or no. ‘Yes’ signifies that the digital signature is indeed an authentic digital signature on the presented electronic data, and associated with the party linked to the public key used.
The Process of Creating a Digital Signature includes:
- capturing the entire context of the electronic transaction or document, and precisely what the signer is committing to;
- ensuring that the data displayed to the user accurately reflects the data to be digitally signed;
- requiring the user to signal an understanding of the commitment being made, and a desire to be bound to this;
- authenticating the user in order that the user’s private key becomes available to the signing device;
- computing the signature based on the signer’s private key and the data being signed;
- a timestamp server optionally appending a time-date field to the data and signer’s signature and then signing; and
- forwarding the signed transaction for processing, storage, or subsequent verification.