Your handwritten signature is a legal instrument that verifies the authenticity of a document, or your acceptance of and agreement to the terms of a contract. But you need something tangible to write upon, don't you? A signature must be affixed to a piece of paper, a bit of tree bark, a clay tablet, a stone, something you can lay your hands upon. How can you sign something in a paperless, digital world?
How Do Digital Signatures Work?
Slowly, as e-business has caught on, digital signatures have evolved to serve the legal purposes of authenticating documents and indicating assent to contracts even when the documents "signed" exist only as patterns of bits on a disk. There are several components to a digital signature.
First, there's authentication of a document file. A digital signature must provide a means to verify that the document file to which it is affixed has not been altered since the digital signature was affixed; presumably, since the signatory read, agreed to, and "signed" the document. So digital signature methods encrypt document files at the time of signing.
A relatively short string of bits is generated by digital signature software based upon the pattern of bits in a document file at the time of signing. This bit pattern is stored as part of the digital signature. To verify the authenticity of a received document, the document is run through the same encryption algorithm again. The new bit pattern is compared to the one stored in the digital signature. If the two patterns match, then the document file has not been altered since it was signed.
Encryption can also be used to control what a user can do with a document file. Digital signatures can prevent unauthorized viewing, copying, printing, or transmission over a network of a signed document file. If a password has been provided separately to authorized users, it can unlock all or selected restrictions imposed by the digital signature.
Can Digital Signatures Be Forged?
Second, a digital signature must authenticate the signatory. Your handwritten signature proves that you signed a paper document; a digital signature must prove the same on a digital document. Like handwritten signatures, digital signatures must be highly resistant to forgery. Digital signature methods accomplish this by issuing digital signature certificates to individual users.
Digital certificates work much like the signature card kept on file at your bank, which can be compared to the signature on any check supposedly written by you. A digital signature certificate is a string of encrypted bits generated by a generally accepted certificate authority. The authority keeps a database of all certificates it issues and the identities of their recipients. When a digital signature must be authenticated, the certificate embedded in it is compared to those stored by the authority.
Finally, a digital signature can include a graphic image of your handwritten signature, simply scanned as you would scan any other written matter. You can embed encrypted digital signature patterns and digital certificates in the graphic image, where they remain invisible. Now someone can fax, print, and store in a paper filing cabinet a copy of the document with your visible signature on it.
Laws and jurisprudence governing digital signatures are still evolving. Different jurisdictions have different standards for what makes a digital signature legally binding. It is wise to consult an attorney expert in e-commerce before entering into regular business that relies upon digital signatures.
Standard office productivity software such as Microsoft Office and Adobe Acrobat include features for adding digital signatures to documents. Microsoft provides its own Authenticode digital certificate authority free of charge, and a selection of paid third-party certificate authorities is available through Microsoft Office programs. Adobe Acrobat will refer you to a third-party certificate authority.
iSafePDF is one free software utility that simplifies the addition of digital signatures, images, and certificates to PDF files.
This article was posted by Bob Rankin on 30 Apr 2010
|For Fun: Buy Bob a Snickers.|
What is Forex?
The Top Twenty
Convert DVD to AVI
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Digital Signatures (Posted: 30 Apr 2010)
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Digital Signatures"
30 Apr 2010
Thanks for taking some of the mystery out of digital signatures, Bob.
I've always wondered about those statements that say, "A photocopy of your signature is as valid as the original." That seems like circular reasoning to me: My certification that a photocopy is valid shouldn't be enforceable until I have signed it -- with an ORIGINAL signature, not a photocopy of a signature. But that never happens.
I used to think digital signatures fell into the same realm. Now, thanks to your article, I have a little better understanding.
30 Apr 2010
I first put my hands on a computer in 1959. "Byte" was not a word yet. A "word" was seven bits, five bits of data (31 discreet patterns, not counting all zeros) surrounded by a start bit and a stop bit. I just state this to validate that I have a long history with computers and I know something about them. However, I defer to Bob Rankin's superior knowledge of the field today. I am a subscriber and I would say a fan of Ask Bob Rankin.
Now for the commment: Thanks for making digital signatures clear as mud, Bob. (But don't cancel my subscription!)
EDITOR'S NOTE: One guy says "Thanks for taking the mystery out of it" and another says "clear as mud!" It takes all kinds of people to make the world go 'round. :-)
30 Apr 2010
No, Bob, it only takes 'our kind'. ;-)
I think I understand everything (all my friends and relatives are lawyers) but maybe some illustration would have helped this article.
11 May 2010
So... does this mean that the scanned copy of my signature(that I've been using) is really legal?
02 Jun 2010
Hi, this is a very interesting piece on an increasingly important topic and I thank you for it.
I have a question around the use of scanned signatures. You mention: "You can embed encrypted digital signature patterns and digital certificates in the graphic image, where they remain invisible. Now someone can fax, print, and store in a paper filing cabinet a copy of the document with your visible signature on it."
What prevents anyone from altering the contents of that document and printing that or any other document of their choosing with your signature on the bottom? The printed copy has no other identifying marks because the embedded markings are not visible when printed. This is assuming the printed version is just as legal as the electronic one it was printed from.
08 Jun 2010
I downloaded a program after it was mentioned in your newsletter. When I got around to installing and running it, a warning appeared that it lacks a digital signature and that one should not open an unsigned executable program without being sure it is OK.
Name of the program is Online TV player.
How does one tell if it (or any given unsigned program) is safe?
10 Nov 2010
Yes, e-signatures have been getting more attention lately since the E-Sign Act was approved. In my opinion, speed and efficiency are two positive results brought by this application. That's why many organizations and online businesses are now looking at how they can use e-signatures for their operations.