Frequently Asked Questions about Digital Signatures
What is a digital signature?
A digital signature is a convenient, time-saving, and secure way of signing electronic documents.
What does a digital signature look like?
- -------BEGIN SIGNATURE------
What is an electronic document?
An electronic document is any document that is generated or stored on a computer, such as a letter, a contract, or a will. In addition, an electronic document can be an image, such as a blueprint, a survey plat, a drawing, or even a photograph. A digital signature can be used to sign these documents.
Does that mean that the authenticity of any electronic document can be verified by a digital signature?
Yes, but only if the document originally was "signed" using a digital signature program (software).
This sounds complicated. What is it like to actually sign an electronic document?
It's a simple process. The steps may vary slightly depending on the software you use, but your digital signature software does all the work. You select the signature option, then select the document, and finally enter your secret authorization code. Everything is accomplished electronically; you do not take a pen in hand and sign a paper.
Can you actually see the signer's handwritten signature?
No, there is no relationship to the signer's handwritten signature. While there's more to it behind the scenes, the visible portion of the digital signature is the signer's name, title and firm name, along with the certificate serial number and the certification authority name.
How do I get a digital signature certificate?
When you choose your digital signature software, it may come with an application for the certificate. The application requests information used to verify your identity and protect you against unauthorized use of your signature. You may also obtain a certificate directly from a certificate authority.
What is a certificate? What does it mean to "publish" a certificate?
A certificate is a computer-based record that identifies the subscriber, contains the public key, and is digitally signed by the certification authority. The digital signature certificate must be associated with both a private key and a public key. When you publish the certificate, you identify yourself to the certification authority by providing it with your public key.
How am I identified as the signer?
When you use your digital signature software, you create a matched pair of keys. One is the "private" key, which is typically installed on your computer. The private key is used only by you and is required during the signing process.
The second key is the "public" key. The public key is available for use by anyone wishing to authenticate documents you sign. The public key will "read" the digital signature created by the private key and verify the authenticity of documents created with it. This is similar to the process of accessing a safety deposit box: your key must work with the bank's key before the box can be opened.
If my private key is stored on my computer, can't someone sign the documents without my permission by getting access to the computer?
No. Your private key is encrypted when it is stored on your computer. When you sign an electronic document, you enter a digital signature Authorization Code to decrypt the private key for as long as it takes to sign the document.
If someone learns of your Authorization Code and also has access to the computer holding your private key, the integrity of your private key is compromised. In this case you would revoke your digital signature certificate and obtain another. This would be the same as reporting a stolen or lost credit card.
Can a digital signature be forged?
Not likely. It is protected by several layers of highly complex encryption.
We like to think that a handwritten signature is unique to the signer and to the pieces of paper which hold it. What if someone produces a good likeness of your handwritten signature? Or what if, on a long contract, someone changes the text of the pages preceding the signature page? In these instances, the signature is valid, but the document has been altered.
With digital signatures, forgery is next to impossible – much more difficult than forging a handwritten signature. First, a digital signature is more of a process than just affixing a signature. For example, when the document is "digitally signed," the digital signature software scans the document and creates a calculation which represents the document. This calculation becomes part of the "digital signature." When the recipient authenticates the signature, a similar process is carried out. The sender's and the receiver's calculations are then compared. If the results are the same, the signature is valid; if they are different, the signature is not valid.
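The sign-and-compare process described above, together with the private/public key pair from the earlier answer, as an added example that is not taken from any particular signature product. It assumes SHA-256 as the "calculation" and unpadded RSA with a fixed toy key built from two well-known Mersenne primes, which keeps the block standard-library only; real software uses randomly generated keys and a padding scheme, and the sample contract is constructed.

```python
import hashlib

# Toy key pair (assumption for this example): two Mersenne primes, chosen so
# the block needs no third-party library. Real keys use random secret primes.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                           # public modulus (part of the public key)
E = 65537                           # public exponent (part of the public key)
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (the private key)


def digest(document: bytes) -> int:
    """The 'calculation which represents the document': a SHA-256 hash."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, private_exponent: int = D) -> int:
    """Signer: transform the document's digest with the private key."""
    return pow(digest(document), private_exponent, N)


def verify(document: bytes, signature: int) -> bool:
    """Recipient: recover the signer's digest with the public key and
    compare it with a digest computed from the document as received."""
    return pow(signature, E, N) == digest(document)


# Constructed sample: a contract whose first page is altered after signing.
contract = b"Page 1: price is $10,000.\nPage 2: signed, A. Subscriber"
altered = contract.replace(b"$10,000", b"$90,000")
signature = sign(contract)

if __name__ == "__main__":
    print("original verifies:", verify(contract, signature))
    print("altered verifies: ", verify(altered, signature))
    print("changed signature:", verify(contract, signature + 1))
```

Unlike the handwritten case, changing an earlier page changes the recipient's digest, so the comparison fails even though the signature value itself was never touched.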
What are the responsibilities and the liability of a digital signature certificate subscriber?
The subscriber is responsible for safeguarding access to the private key.
What are the practical uses of a digital signature?
It is a secure form of transacting. Contracts, images, letters, etc., may be digitally signed and sent electronically in seconds. Everyone has equal opportunities to transact business with the private or public sectors, no matter the distance.