Digital Signature software is commonly used to authenticate documents. When you sign a physical document, you are authenticating its contents. Similarly, Digital Signature software is used to authenticate the contents of electronic documents. Digital signatures can be used with PDF files, e-mail messages, and word processing documents.
To digitally sign a document, you must have a digital ID. This unique identifier can be obtained from various certification authorities on the Web, such as VeriSign and EchoSign. Once you have a digital ID, you can register it with programs that support digital signatures, such as Adobe Acrobat and Microsoft Outlook. Then you can use the program's "Sign" feature to add your digital signature to documents.
The digital signature is simply a small block of data that is attached to documents you sign. It is generated from your digital ID, which includes both a private and public key. The private key is used to apply the signature to the document, while the public key is sent with the file. The public key contains encrypted code, also called a "hash," that verifies your identity.
Digital Signature software can be used to certify or approve documents. Certifying signatures verify the document's creator and show that the document has not been altered since it was signed. Therefore, only the original creator of a document can add a certifying signature. Approval signatures can be added by anyone with a digital ID and are used to approve documents, track changes, and accept terms stated in a document.
How It Works
Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you.
- You copy-and-paste the contract (it's a short one!) into an e-mail note.
- Using special software, you obtain a message hash (mathematical summary) of the contract.
- You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash.
- The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.)
At the other end, your lawyer receives the message.
- To make sure it's intact and from you, your lawyer makes a hash of the received message.
- Your lawyer then uses your public key to decrypt the message hash or summary.
- If the hashes match, the received message is valid.
Time stamping of digital signatures
What is time stamping and why should I use it?
Time stamping is used to record the time at which the digital signature was made. This is needed to properly validate the signature.
If a signature timestamp is present, the application that validates (verifies) the signature checks whether the certificates involved in signature validation were valid at the moment of signing. If there is no timestamp for the signature, certificate validity is checked at the moment of signature validation, which is not always acceptable.
- With timestamp: the signature is OK (the signature was made during the certificate validity period).
- Without timestamp: the signature is not valid (the certificate has expired by the moment of signature verification).
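The validity-period rule described above, as an added Python example that is not part of the original article. The Cert class, the function names and all dates are constructed for illustration; the code assumes the timestamp has already been verified as coming from a trusted time stamping authority, and it covers only the validity window, not the signature check itself or revocation.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a certificate: only its validity window."""
    subject: str
    not_before: datetime
    not_after: datetime

def check_validity(chain: List[Cert], verify_time: datetime,
                   trusted_timestamp: Optional[datetime] = None) -> Tuple[bool, str]:
    """Validity-period part of signature validation.

    With a trusted timestamp, every certificate is checked at signing time;
    without one, the only time the verifier can rely on is its own clock.
    """
    if trusted_timestamp is not None and trusted_timestamp > verify_time:
        return False, "timestamp is in the future"
    at = trusted_timestamp if trusted_timestamp is not None else verify_time
    for cert in chain:
        if at < cert.not_before:
            return False, f"{cert.subject}: not yet valid at {at:%Y-%m-%d}"
        if at > cert.not_after:
            return False, f"{cert.subject}: expired at {at:%Y-%m-%d}"
    return True, f"all certificates valid at {at:%Y-%m-%d}"

def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample data: a one-year signer certificate under a long-lived CA.
CHAIN = [
    Cert("signer", utc(2020, 1, 1), utc(2021, 1, 1)),
    Cert("issuing CA", utc(2015, 1, 1), utc(2030, 1, 1)),
]
SIGNED_AT = utc(2020, 6, 15)    # time asserted by the timestamp
VERIFIED_AT = utc(2023, 3, 1)   # document is opened years later

if __name__ == "__main__":
    print("with timestamp:   ", check_validity(CHAIN, VERIFIED_AT, SIGNED_AT))
    print("without timestamp:", check_validity(CHAIN, VERIFIED_AT))
```

A signing time that the signer merely writes into the document cannot serve as `trusted_timestamp`, because it could be backdated into the certificate's validity period.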
Time stamping should be used if the signature is supposed to be used (to prove the authenticity of the document author or data originator) in the long term, i.e. longer than one or several days.
Time stamping is not necessary when you, for example, send a short signed note to a colleague and this note is expected to be read and disposed of the same day it was written. Of course, time stamping cannot be used when it's not supported by the signing technologies or when a time stamping authority is not available.
On the other hand, time stamping is a must when you create signed documents for wide distribution or for long-term storage and archiving purposes. Time stamping is also used when signing the executable modules of software applications.
What Are Digital Signature Components?
The Components of a Digital Signature
A digital signature is an electronic construct that purports to replace in an electronic world what is called wet or ink signatures in the paper world. I have so far identified eight fundamental components of a digital signature:
- Level of Authentication
- Time Limitation
- Capacity Limitation
- Commitment Level Limitation
- Purpose / Use Limitation