When we talk about digital signature actually we are referring to many related concepts, among which are electronic documents, cryptographic keys, digital certificates, mathematical functions, certification authorities, public key infrastructures, and many other names that are especially complicated or unknown.
The following questions seek to clarify these terms:
- What is the digital signature?
- How it works
- Private keys and public keys?
- What are digital certificates?
- What is inside a digital certificate?
- What legal value does the digital signature?
- What Infrastructure is a Digital Signature?
What Is A Digital Signature?
The digital signature is a technological tool to guarantee the authorship and integrity of digital documents, allowing them to enjoy a feature that was only typical of paper documents.
A digital signature is a set of data associated with a digital message that guarantees the identity of the signer and the integrity of the message.
The digital signature does not imply ensure message confidentiality; digitally signed the document can be viewed by other people, like when it is signed holographically.
The digital signature is an instrument with technical specifications and regulations. This means that there are technical procedures that allow the creation and verification of digital signatures, and there are regulatory documents supporting the legal value of these firms possess.
How Does It Work?
The digital signature works by using complex mathematical procedures that relate to the document signed with its own signer information and allow third parties to recognize the signer’s identity and ensure that the contents have not been modified.
The signer generated by a mathematical function, a fingerprint of the message, which is encrypted with the private key of the signer. The result is what is called digital signature, to be sent attached to the original message. Thus the signed document attached to a brand that is unique to that document and that only he is capable of producing.
To perform the verification message, first the receiver will generate the fingerprint of the received message, then decrypt the digital signature of the message using the public key of the signer and thus get the fingerprint of the original message; If both fingerprints match, it means that no alteration and that the signer is who he claims to be.
Private Keys And Public Keys?
In developing a digital signature verification and corresponding complex mathematical procedures based on asymmetric cryptography (also called public key cryptography) are used.
In an asymmetric cryptographic system, each user has a key pair itself. These two keys, called the private key and public key, have the characteristic that although they are strongly interrelated, it is not possible to calculate the first from the data of the second, nor from the documents encrypted with the key private.
The system operates so that information encrypted with one key can only be decrypted with the other. Thus if a user figures certain information with your private key, anyone who knows your public key can decrypt it.
Consequently, if possible decrypt a message using the public key of a person, then it can be said that the message was generated by that person using your private key (proving authorship).
What Are Digital Certificates?
Digital certificates are the digital documents in smaller sizes that certify the link between the individual/entity and the public key. Thus possible to verify that a specific public key belongs indeed to a certain individual. A digital certificate helps to prevent someone from being impersonated.
In some cases, it may be necessary to create a chain of certificates, each certifying the run so that the parties involved trust the identity in question.
What Is Inside A Digital Certificate?
In general terms, it can be defined as the certificate that contains a name and a public key. It is similar to credit cards that have an expiration date and a name with the certification of the authority that has issued it. It also contains a serial number and various other information. But most importantly, the certificate itself is digitally signed by the issuer.
Its format is defined by the international ITU-T X.509 standard. Thus, it can be read or written by any application that meets the above-mentioned standard.
What Legal Value Does The Digital Signature Hold?
Argentina legislation for the terms “Digital Signature” and “Electronic Signature” do not have the same meaning. The difference is attributed probative value to each of them, as in the case of the “Digital Signature” there is a presumption “rebuttable” in his favor; This means that if a digitally signed document is verified correctly, is presumed unless proven otherwise that comes from the subscriber associated certificate and that was not changed. By contrast, in the case of electronic signatures, if unknown by the holder, for a party who invokes prove their validity.
Moreover, to recognize that a document has been digitally signed requires that the signer digital certificate has been issued by a licensed certification (ie it has the approval of the Licensing Institution).
That is why, although we understand that in technical environments usually uses the term Digital Signature to refer to the technological instrument, regardless of their legal relevance, we ask all providers of certification services, disseminators of technology, consultants, etc. employing the correct name as is the case in order not to cause confusion regarding the characteristics of the firm in question.
Argentina’s legislation uses the term “Digital Signature” method to the term “Advanced Electronic Signature” used by the European Community or “Electronic Signature” used in other countries such as Brazil or Chile.
What is a Digital Signature Infrastructure?
In our country, it is called “Infrastructure Digital Signature” set of laws, complementary legislation, legal obligations, hardware, software, databases, networks, technology standards, and safety procedures that allow different entities (individuals or organizations) identify each other safely to transact networks (eg. Internet) way.
Actually, this definition is known worldwide with the acronym stands PKI Public Key Infrastructure or Public Key Infrastructure.