Posted by Leyre Soto on June 19, 2018 at 9:00 AM
What is a digital signature? And an electronic signature? Would you know how to recognise the main differences? These two terms refer to different types of signatures. However, many people who are interested in our services are unsure about their main characteristics.
In this post we want to clarify what a digital signature is so that everyone knows what it can be used for and the characteristics associated with it.
This post is also available in Spanish.
Table of contents
Digital and electronic signatures are often used as synonyms, but not all types of electronic signatures have the same security features as truly digital signatures.
In many online articles these two concepts are used interchangeably and this creates confusion when trying to understand what each one is and why they are different to each other.
For both companies and individuals, it is important to know and understand the characteristics and implications of using each type of signature, because each one has some associated risks in terms of security, privacy of information and compliance with the law.
In this post we will define what a digital signature is to explain what its benefits are.
A digital signature, which should not be confused with a digital certificate, is a mathematical technique used to validate the authenticity and integrity of a message, software or a digital document.
A digital signature, as opposed to a traditional signature, is not a name but two “keys” or sequences of separated characters. It applies cryptographic measures to the content of a message or document in order to show the following to the message’s recipient:
All digital signatures are electronic,
but not all electronic signatures are digital.
A digital signature is legal, but its aim is not to attest to the signatory’s willingness like an electronic signature, but just to encrypt the data of a document to give it greater security.
Also a digital signature can be used for a wider range of file types, such as videos, sound, music, etc., making it more versatile than the traditional paper signature.
Any change to the data, even changing or removing just one character will result in a different value. This allows others to validate the integrity of the data by using the signatory’s public key to decrypt the hash.
If the decrypted hash coincides with a second hash calculated from the same data, it proves that the data has not changed since it was signed. If the two hashes do not coincide, the data has been altered in some way (integrity) or the signature was created with a private key that does not correspond to the public key presented by the signatory (authentication).
The digital signatures make it difficult for the signatory to deny having signed something (non-repudiation), assuming that their private key has not been compromised, as the digital signature is unique both for the document and the signatory, and they go together.
A digital certificate, an electronic document that contains the digital signature of the certificate authority, links a public key with an identity and can be used to verify that a public key belongs to a specific person or entity.
Digital signatures are widely used to test the data’s authenticity and integrity and non-repudiation of communications and transactions made online.
The most common concerns that people and organisations have with paper documents are: is the person that signed the document the person they say they are? How can I check that the signature is valid and has not been forged? How can I check if the document has been changed?
As well as making business processes easier and preventing the falsification of messages and key documents, using a digital signature provides additional validation benefits. When you need a guarantee that a message or attached document has not been altered during the transfer, a digital signature helps to avoid unknown alterations going unnoticed.
If the digitally signed content is altered the signature will be invalid, which will notify the sender and the recipient of an infringement. The cryptographic features will avoid a new and valid signature being produced for this message.
When non-repudiation is provided, the message’s sender cannot deny the message’s digital signature at a later date. The recipient or someone who obtains unauthorised access to the message cannot create a false signature.
Most of the non-repudiation methods provide a time stamp that cannot be altered and provide evidence of the digital signature in case the private key has been compromised or revoked.
Conclusion, the digital signature verifies and ensures the following:
If you want to try Signaturit, you can do it for free for 7 days. Sign up now here! If you need more information, you can download the whitepaper posted below or contact us at +34 935 511 480.
If you want more information, get in touch with us through the following form, or call us directly on +34 93 551 14 80.
This post is also available in Spanish.
Subscribe to our newsletter
Digitizing your company with Signaturit is very easy. Sign up for our newsletter and receive 1 email a month with tips, events and product updates.