Digital Signatures
top of page

Digital Signatures


Digital signatures are commonly used in the legal world and American courts accept their use in legal filings. It's good to have a understanding of how this technology works.

Digital signatures are electronic fingerprints which use Public Key Infrastructure (PKI) to associate a signer with a document. Public keys are associated with specific individuals that register with a certificate authority. The certificate authority stores, issues and signs digital certificates. A registration authority will confirm the identity of someone asking for its digital signature or certificate to be stored with the certificate authority. A registration authority may or may not be an entity separate from the certificate authority. Widely used certificate authorities include, OpenTrust (common in the EU), and SAFE-BioPharma.

In the digital signature process, the author of a message signs with their private key. The recipient uses the author's public key to verify and open the message. The signer of a document will use his or her private key to create a unique hash value for the data in the document, and encrypt the data. The time is recorded. Any subsequent change to the document will invalidate the digital signature. The condensed version of the data is called the message digest. The recipient of the document uses the public key and the same hash function used to create the signature to order to verify the digital signature.

See the below diagram showing how the process works.

A digital signature can be used to both identify unauthorized changes to data and to confirm the identity of the signer of a document. Digital signatures are only one form of an electronic signature. Electronic signatures can also simply be a name entered on an electronic document, or a biometric signature.

/


bottom of page