Behind the Digital Signature

Security digital signature authentication

A digital signature isn’t just a modern and functional way to sign on the dotted line in a paperless society. A digital signature ensures your document is secure, confirms the contents have not been altered, and verifies the sender is…the sender. They are legal in Canada, the United States, the U.K., Australia, and most countries in the EU, South America, and Asia, and pretty much most countries throughout the developed world. So it seems digital signatures are nothing really new. We’re doing it and we’ve done it.

Some confusion still exists over the difference between digital and electronic signatures. While, both legal and widely accepted, the difference is in the technology.

An electronic signature is basically a scanned image or electronic replication of an ink signature used to prove agreement to a contract. Whereas, a digital signature uses a specific type of encryption technology applied like a signature or a stamp to a document, which authenticates the contents and verifies the sender. Without a digital signature, your document and any transactions based on the document may not be legally binding, putting you and your business at risk.

How Digital Signatures Work

Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm, such as RSA, two mathematically-linked keys can be generated: one is a private key used to encrypt a data before sending, and the other is a purblic key used to decrypt the message once it is received. Public key cryptography depends on two mutually-validating cryptographic keys. The person creating the digital signature uses their own private key to encrypt a document, and the only way to decrypt that data is with the signer's public key, which is how digital signatures are validated.

Creating a Digital Signature

To create a digital signature, signing software, such as DocuSign, Adobe Sign, or Pandadoc, creates a one-way hash algorithm of the electronic data, in this case the signature. A private key is used to encrypt the hash, and the encrypted hash, along with other information, such as the hashing algorithm, is the digital signature. The reason for encrypting the hash instead of the entire message or document is because a hash function can convert any length of data and is much faster, saving time and memory.

The value of a hash is unique to the hashed data. Any change in the data, even a change in a single character, will result in a different value, and this feature enables others to validate the data by using the signer's public key to decrypt the hash. If the decrypted hash matches a second hash, it proves that the data has not been changed or tampered with since it was signed. If the two hashes don't match, the data has either been tampered with or the sender’s identity cannot be authenticated.

Digital signatures also make it difficult for the sender to deny having signed something as the computer pairs the digital signature with the document and the signer binds them together making it nearly impossible to repudiate signing a digitally-signed document. The software can also streamline the workflow process by providing an audit trail. This is particularly handy when multiple parties are viewing a document and you need to verify in whose hands the document currently is. They can be applied to legal and financial transactions, or used for sales, marketing, or human resources purposes. We use digital signatures in many areas of our business, including our own onboarding process, using an Adobe program that is supported across devices. It saves us time (which is always of the essence) and provides us with confidence that documentation is accurate and secure.

Read a few reviews of current digital signature software to learn more.

Previous Post Next Post