A digital signature is the digital equivalent of a handwritten signature, but far more secure. It is a mathematical technique used to validate the authenticity and integrity of a message or an electronic document. A digital signature guarantees the authenticity of an electronic document or message in digital communication and uses encryption techniques to provide proof that the document is original and unmodified.
As digital signatures become more commonplace, let us understand how digital signatures differ from electronic signatures, how they work and why you should adopt them.
There is a difference between electronic and digital signatures, though the terms are used interchangeably most of the time. Digital signatures are based on globally recognised PKI technology, whereas electronic signatures can be simple symbols or images that capture the signer’s intent to sign.
To sign documents using digital signatures, the signer needs to possess a digital signature certificate issued by a Certifying Authority (CA). Digital certificates are digital forms of identification; they can be compared to identification documents such as a passport or driver’s license.
On the other hand, electronic signatures, often referred to as e-signatures, are a person's electronic expression of his or her agreement to the terms of a particular document. Electronic signatures do not need digital certificates.
Digital signatures are more secure. Electronic signatures are easy to use, but they are not as secure as digital signatures because they are not regulated by security standards the way digital signatures are. Digital signatures are accepted in most countries and are legally binding in court. Electronic signatures are not accepted in a court of law in many countries, as a more secure way of authentication is needed there.
Handwritten signatures and even electronic signatures can be easily copied or forged, whereas digital signatures use cryptographic algorithms and cannot be replicated.
Any change to a digitally signed document renders the signature invalid, hence a digitally signed document cannot be changed without detection.
Since digital signatures require digital certificates that are issued by a trusted third party, they unquestionably identify the person as who he or she claims to be.
Digital signatures are created using a unique set of algorithms within a digital certificate issued to signers after due diligence by certifying authorities. The signer of a digitally signed document can be determined with the highest degree of trust, hence signers cannot repudiate their signatures at any point.
Countries with e-signature legislation give digital signatures the same validity as handwritten signatures. Some of them also recognise electronic signatures, but most of them require highly secure digital signatures for signing electronic documents.
Businesses and governments are now accepting the idea of digitally signing documents in order to implement a paperless office. Going electronic helps them make processes more efficient, reduce costs and secure documents.
Digital signatures follow a global standard protocol called PKI (Public Key Infrastructure), which creates two keys - one public and one private - using a mathematical algorithm. The public key and private key are mathematically linked to each other.
When an electronic file is digitally signed, a unique digital fingerprint (called a hash) of the document is created and encrypted using the signer’s private key. This hash is specific to this particular document. The resulting encrypted data is the digital signature. The slightest change to the document would invalidate the digital signature.
The digital signature only requires the signer to have the pair of cryptographic keys (Digital Signature Certificate). The signer signs the document using his/her private key (DSC), and the receiver can verify the signature using the signer’s public key, which is available publicly.
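The hash, sign and verify steps described above, as an added example that is not part of the original article. It uses textbook RSA without padding purely to make the mechanics visible; real signing uses a padding scheme such as RSA-PSS from a vetted library. The key values, function names and sample documents are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent (a common choice)

def make_keypair(p: int, q: int):
    """Build ((n, e), (n, d)) from two primes: the public and private key."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def fingerprint(document: bytes) -> int:
    """SHA-256 hash of the document, as an integer smaller than n."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes, private_key) -> int:
    """Apply the private-key operation to the document's hash."""
    n, d = private_key
    return pow(fingerprint(document), d, n)

def verify(document: bytes, signature: int, public_key) -> bool:
    """Undo the signature with the public key and compare with a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == fingerprint(document)

# Constructed keys built from well-known Mersenne primes so that no
# key-generation code is needed. Never use such primes for real keys.
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
_, OTHER_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

def demo() -> dict:
    contract = b"Pay Alice 100 units"          # constructed sample document
    signature = sign(contract, SIGNER_PRIV)
    return {
        # Unmodified document, correct key: signature is valid.
        "original": verify(contract, signature, SIGNER_PUB),
        # One character changed: the hash differs, so verification fails.
        "tampered": verify(b"Pay Alice 900 units", signature, SIGNER_PUB),
        # Signed with someone else's private key: fails against the signer's public key.
        "wrong_key": verify(contract, sign(contract, OTHER_PRIV), SIGNER_PUB),
    }

if __name__ == "__main__":
    print(demo())
```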
