Digital Signatures

Category: Security

Your handwritten signature is a legal instrument that verifies the authenticity of a document, or your acceptance of and agreement to the terms of a contract. But you need something tangible to write upon, don't you? A signature must be affixed to a piece of paper, a bit of tree bark, a clay tablet, a stone, something you can lay your hands upon. How can you sign something in a paperless, digital world?

digital signatures

How Do Digital Signatures Work?

Slowly, as e-business has caught on, digital signatures have evolved to serve the legal purposes of authenticating documents and indicating assent to contracts even when the documents "signed" exist only as patterns of bits on a disk. There are several components to a digital signature.

First, there's authentication of a document file. A digital signature must provide a means to verify that the document file to which it is affixed has not been altered since the digital signature was affixed; presumably, since the signatory read, agreed to, and "signed" the document. So digital signature methods encrypt document files at the time of signing.

A relatively short string of bits is generated by digital signature software based upon the pattern of bits in a document file at the time of signing. This bit pattern is stored as part of the digital signature. To verify the authenticity of a received document, the document is run through the same encryption algorithm again. The new bit pattern is compared to the one stored in the digital signature. If the two patterns match, then the document file has not been altered since it was signed.

Encryption can also be used to control what a user can do with a document file. Digital signatures can prevent unauthorized viewing, copying, printing, or transmission over a network of a signed document file. If a password has been provided separately to authorized users, it can unlock all or selected restrictions imposed by the digital signature.

Can Digital Signatures Be Forged?

Second, a digital signature must authenticate the signatory. Your handwritten signature proves that you signed a paper document; a digital signature must prove the same on a digital document. Like handwritten signatures, digital signatures must be highly resistant to forgery. Digital signature methods accomplish this by issuing digital signature certificates to individual users.

Digital certificates work much like the signature card kept on file at your bank, which can be compared to the signature on any check supposedly written by you. A digital signature certificate is a string of encrypted bits generated by a generally accepted certificate authority. The authority keeps a database of all certificates it issues and the identities of their recipients. When a digital signature must be authenticated, the certificate embedded in it is compared to those stored by the authority.

Finally, a digital signature can include a graphic image of your handwritten signature, simply scanned as you would scan any other written matter. You can embed encrypted digital signature patterns and digital certificates in the graphic image, where they remain invisible. Now someone can fax, print, and store in a paper filing cabinet a copy of the document with your visible signature on it.

Laws and jurisprudence governing digital signatures are still evolving. Different jurisdictions have different standards for what makes a digital signature legally binding. It is wise to consult an attorney expert in e-commerce before entering into regular business that relies upon digital signatures.

Standard office productivity software such as Microsoft Office and Adobe Acrobat include features for adding digital signatures to documents. Microsoft provides its own Authenticode digital certificate authority free of charge, and a selection of paid third-party certificate authorities is available through Microsoft Office programs. Adobe Acrobat will refer you to a third-party certificate authority.

iSafePDF is one free software utility that simplifies the addition of digital signatures, images, and certificates to PDF files.

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 30 Apr 2010

For Fun: Buy Bob a Snickers.

Prev Article:
What is Forex?

The Top Twenty
Next Article:
Convert DVD to AVI

Most recent comments on "Digital Signatures"

Posted by:

Lee McIntyre
30 Apr 2010

Thanks for taking some of the mystery out of digital signatures, Bob.

I've always wondered about those statements that say, "A photocopy of your signature is as valid as the original." That seems like circular reasoning to me: My certification that a photocopy is valid shouldn't be enforceable until I have signed it -- with an ORIGINAL signature, not a photocopy of a signature. But that never happens.

I used to think digital signatures fell into the same realm. Now, thanks to your article, I have a little better understanding.

Posted by:

Digital Artist
30 Apr 2010

I first put my hands on a computer in 1959. "Byte" was not a word yet. A "word" was seven bits, five bits of data (31 discreet patterns, not counting all zeros) surrounded by a start bit and a stop bit. I just state this to validate that I have a long history with computers and I know something about them. However, I defer to Bob Rankin's superior knowledge of the field today. I am a subscriber and I would say a fan of Ask Bob Rankin.

Now for the commment: Thanks for making digital signatures clear as mud, Bob. (But don't cancel my subscription!)

EDITOR'S NOTE: One guy says "Thanks for taking the mystery out of it" and another says "clear as mud!" It takes all kinds of people to make the world go 'round. :-)

Posted by:

Mike Barich
30 Apr 2010

No, Bob, it only takes 'our kind'. ;-)

I think I understand everything (all my friends and relatives are lawyers) but maybe some illustration would have helped this article.

Posted by:

Don Morgan
11 May 2010

So... does this mean that the scanned copy of my signature(that I've been using) is really legal?

Posted by:

02 Jun 2010

Hi, this is a very interesting piece on an increasingly important topic and I thank you for it.
I have a question around the use of scanned signatures. You mention: "You can embed encrypted digital signature patterns and digital certificates in the graphic image, where they remain invisible. Now someone can fax, print, and store in a paper filing cabinet a copy of the document with your visible signature on it."
What prevents anyone from altering the contents of that document and printing that or any other document of their choosing with your signature on the bottom? The printed copy has no other identifying marks because the embedded markings are not visible when printed. This is assuming the printed version is just as legal as the electronic one it was printed from.

Posted by:

08 Jun 2010

I downloaded a program after it was mentioned in your newsletter. When I got around to installing and running it, a warning appeared that it lacks a digital signature and that one should not open an unsigned executable program without being sure it is OK.

Name of the program is Online TV player.

How does one tell if it (or any given unsigned program) is safe?

Posted by:

Alfred Siliano
10 Nov 2010

Yes, e-signatures have been getting more attention lately since the E-Sign Act was approved. In my opinion, speed and efficiency are two positive results brought by this application. That's why many organizations and online businesses are now looking at how they can use e-signatures for their operations.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
About Us     Privacy Policy     RSS/XML

Article information: AskBobRankin -- Digital Signatures (Posted: 30 Apr 2010)
Copyright © 2005 - Bob Rankin - All Rights Reserved