Digital Signature FAQ

What is a Digital Signature?

Digital Signatures are based on Public Key Technology that uses asymmetric cryptography. Each person's identity is related to a key pair - a private key and a public key. These keys are nothing but mathematical codes. During the signing, once the user initiates the process, a mathematical code is generated with the help of an algorithm and, the digital contents. The code generated, known as the 'message digest', is unique for each process and content. The individual's private key is now used to encrypt this code. This is termed as the 'Digital Signature'.

How does a Digital Signature work?

Digital Signature Signing. During the signing, once the user initiates the process, a mathematical code is generated with the help of an algorithm and, the digital contents. The code generated, known as the 'message digest', is unique for each process and content. The individual's private key is now used to encrypt this code. This is termed as the 'Digital Signature'. Since the private key of a person is involved, the 'Digital Signature' is unique to that individual. This establishes the identity of the signer. This signature is then bound to the message and sent along with the document or the transaction. The public key of the individual is also sent..

Digital Signature Verification

When an individual receives a signed document or transaction, he will initiate the verification process. The public key of the sender is used to decrypt the digital signature and retrieve the message digest. The hash algorithm is applied again to the digital contents to generate another message digest. These two message digests are compared and if they match verification is successful. If there were any changes in the digital contents the resultant message digest would differ from the original one and the verification would fail.

What is the difference between Electronic Signature and Digital Signature?

Digital Signature is the subset of the Electronic Signatures. Digital Signatures and Electronic Signatures have extremely different security properties. An Electronic Signature refers to a signature on an electronic document. It is equivalent to handwritten signature on paper. As per the Uniform Electronic Transactions Act (UETA) an electronic signature is “an electronic sound, symbol, or process, attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record”. Digital Signatures leverage the underlying PKI infrastructure to provide signing and encryption for documents. While the PKI deals with creation of key pairs and issue / management of digital certificates, digital signature technology deals with use of these keys for various security functions from within the applications.

What are the benefits of using Digital Signatures to sign the electronic documents?

The Digital Signatures have various advantages over the handwritten signatures. The digital signatures allow conversion of processes and transactions to electronic mode thereby reducing time, costs and efforts required for creating and maintaining physical records. More importantly the Digital Signatures are used for maintaining data integrity, as the messages or documents cannot be changed after signing. They also provide authentication, i.e. the receiver of a document or communication is assured of the signer authenticity.

Are the Digital Signatures as legally valid as the handwritten signatures?

If any changes are made to the electronically signed documents, it immediately invalidates the signature. Digital Signatures can be used to authenticate the source of messages, i.e. to assure the receiver that the message has been sent by the authorized source only as it protects the electronic document from forgery.

What are the laws and standards pertaining to Digital Signatures in different parts of the world?

Many countries have enacted laws and regulations related to the electronic signatures and digital signatures. Many laws have been enacted to promote the use of digital signatures. E-Lock Digital Signature solutions are compliant with these e-signatures laws.

1. US E-Sign Act
2. Use of S/MIME as a security measure for online communication
3. The Health Insurance Portability and Accountability Act (HIPAA)
4. 21 CFR Part 11(a regulation governing the use of electronic signatures within the pharmaceutical industry)
5. EU Law
6. Sarbanes-Oxley Act (SOX)
7. Uniform Electronic Transactions Act (UETA)

Check Following Solutions

Automated Server Side
Signing Solution   Web-based Digital Signing
Solution for Integration