In our daily life, it often happens to us that we think we are so clear about a concept that we do not even think about investigating it, and then it turns out that we should have studied it more thoroughly. Other times, however, we have many doubts about it, but we do not know how and where to find answers.
The concept of the digital signature is an excellent example of this situation. Without a doubt it is a term known to the general public; After all, its use is already widespread in administrations and departments of human resources. Even so, whenever we have a meeting with a consolidated or potential client (either in a fair or a meeting), we realise that there are aspects about this technology that is not as clear or understandable as we supposed at first.
These meetings are always valuable because thanks to them we can know which are the most frequent questions that our clients have regarding the digital signature.
As we agreed with the Argentine writer Jorge Luis Borges when he said that “doubt is one of the names of intelligence”, we have compiled here 5 of the most frequent questions, and we have given them an answer.
1. Are digital signatures safe? Can someone falsify mine?
Digital signatures are secure, and it is complicated to falsify one.
Because, being based on asymmetric cryptography, they have a private key, which only the signatory knows, and a public key, which is available to everyone; both are generated through a public key algorithm. In this way, when the user wants to sign a document, he uses his private key, which is unique and non-transferable, and which is exclusively in his possession; no one else can have access to it.
For a case of digital signature forgery to occur, the attacker would have to get hold of the signer’s private key, and this is extremely difficult. In case it happens, the user could revoke the trust in the key that has been compromised, through another different key, in the power of the Certification Authority (CA) that issues the certificates, and strict security measures protect that.
Therefore, if you are going to use a digital signature, you can rest assured and trust it to do any procedure: it is complicated for someone to falsify it, and if so, it is possible to solve the problem.
2. Very good, but how does a digital signature work?
Digital signatures are based on digital certificates issued by certification authorities (CA). The certificates are used to link digital identities to the pair of keys generated by a user and contain data such as their name, the date on which the certificate expires, a copy of the public key and information about the CA that issued the certificate.
The corresponding CA verifies the identity of each user; once it has been carried out, the said user can issue a digital certificate and sign the document they want.
In turn, the digital certificates are based on asymmetric cryptography, and as we mentioned in the previous point, they have a public key and a private one.
From a technical point of view, when you want to sign a document, a hash (a unique and non-transferable identifier of a digital document) is usually generated using a hash function. This hash is encrypted using the signer’s private key and combined with the public key to create what is commonly known as a digital signature.
The receiver, in turn, verifies the identity of the signatory through the public key, which allows guaranteeing the privacy of the information exchanged between two users.
3. Can I trust a document that has a digital signature?
Of course. In case there is any alteration in the document, the signature is no longer valid since the document has been modified and the signed hash does not match the current hash. On the other hand, if there is any indication that the user’s private key has been compromised (among other reasons), the digital certificate can be revoked and can no longer be used for signing.
4. However, what kind of organisations use a digital signature?
Due to the multiple benefits it brings and the level of security it offers, the digital signature has been adopted by numerous organisations in the public and private sectors, and in industries as diverse as financial, healthcare or legal. The laws of each country regulate its use.
Besides, many companies aspire to achieve the model of “paperless office“, which would allow them to save costs, have a better organisation of documents and produce a lower environmental impact.
5. So, how do I choose the perfect digital signature for my organisation?
When deciding on one product or another, we recommend you chose the one that meets the following requirements:
- That it is legally binding and offers guarantees of compliance with laws and regulations such as eIDAS.
- That allows workflows to expedite the approval of documents by several signatories.
- That has the option of bulk signature, to automate the signature processes for hundreds of documents.
Discover the digital signature of nebulaSUITE
nebulaSUITE by vintegrisTECH offers a legally recognised digital signature to comply with regulations such as eIDAS through the nebulaSIGN solution because it uses qualified digital certificates issued through its CA, vinCAsign.
Among other things, the digital signature of nebulaSIGN offers the option of using workflows and bulk signature, to help organisations carry out legal, administrative and bureaucratic procedures in the shortest possible time so that they can dedicate their resources to strengthen the relationship with its customers and better meet their needs. All of this cutting costs by not having to print, copy and store paper documents.
In addition, Víntegris has recently been approved as a qualified provider of trusted electronic services under eIDAS, obtaining the Common Criteria EAL4 + certification for its vinCERTcore product (a part of nebulaSUITE), granted by the National Cryptological Center. It is worth mentioning that level CC EAL4 + is the highest level given by the CCN when it comes to recognising the safety level of a product.
Do you have more questions?
If you are interested in knowing more about digital signature and do not see your question answered in this post, we encourage you to contact us. We will be happy to help you.
Also, ask for your nebulaSUITE demo to see for yourself how this all-in-one digital identity solution can help your organisation. Start enjoying the benefits it brings.
Finally, if you are on social networks, connect with us to be aware of our news and learn more about digital signatures and digital certificates. We are on Twitter and LinkedIn. Follow us!