Digital Signature – What Is It?
When fake and fiction can hardly be distinguished from fact, it helps to have something that demonstrates authenticity and integrity: phishing, for example, is one of the biggest cybercriminal threats of our time. Emails that look deceptively real tempt countless users to disclose valuable information such as login data or other sensitive details. Many employees who have not been trained in IT security find it difficult to distinguish such phishing emails from real emails because cybercriminals are becoming more and more professional, and phishing emails are often provided with well-known labels that make the deception perfect. However, phishing and other fraudulent emails lack one thing: a qualified electronic signature.
The term “electronic signature” is to be understood as a legal term: This umbrella term can be used to describe electronic procedures that check the identity of an author and guarantee the integrity of information. If one speaks of the “digital signature”, this means the cryptographic implementation of the electronic signature: A message is signed with the help of cryptography, including private and public keys.
The digital signature allows documents to be signed digitally to replace handwritten signatures on paper documents. Depending on how the digital signature is used, there are different types, which we will discuss in the next paragraph. Typical application scenarios for digital signatures are, for example:
- Processing of tenders on the Internet,
- legally secure exchange of electronic information, for example, when sending emails or
- Ensuring authenticity and integrity in software.
Digital Signature: Uses & Types
The legal basis for electronic signatures in general or digital signatures is the European eIDAS regulation (“Regulation of the European Union on electronic identification, authentication and trust services”). The types of digital signatures are also defined here:
- A general or straightforward electronic signature,
- an advanced electronic signature as well
- qualified electronic signature.
Each type of digital signature sets and fulfills specific requirements.
This Is How The Digital Signature Works.
For a digital signature to ensure identification and integrity and – if it is an advanced or qualified e-signature – to be legally recognized, the functionality must have a high degree of security. One of the basic requirements is that the digital signature is unique for each user – similar to the manual signature of every human being. Therefore, the basis of the digital signature is the PKI ecosystem – i.e. the Public Key Infrastructure. The PKI relies on mathematical algorithms to generate the private and public keys. Because the basic requirements for the digital signature are public keys that can be assigned to the signers and that only the signers have their private keys.
Digital Signature: For Added Authenticity and Integrity
The transfer of data and information is happening less and less by non-electronic means: Contracts with service providers or employees are sent electronically, as are offers or invoices. It is not uncommon for business partners not to know each other personally, which is why a legally secure framework is all the more critical.
It’s essential to know if the person we think we’re communicating with is actually who we think they are. It is no less relevant that information reaches the recipient precisely as it was sent: free from manipulation, unadulterated, neither shortened nor lengthened – in short: integer. The digital signature ensures both: the identity of communication partners and the integrity of the content.