Secure digital signatures

Nov 16, 2020, 15:33 PM by Riaan De Villiers
This week we will discuss digital signatures and how the embedded trust elements will protect your organization.


During our discussion on electronic signatures, we talked about their inherent weaknesses.

The first problem with electronic signatures is that there is no unique link from the digital identity of the signer to a real-life identity. The second problem is that electronic signatures do not protect the document, so the document can be changed after it has been signed. Today we will discuss digital signatures and how they overcome the weaknesses of electronic signing.

Digital Signatures

As an organization, it could be a daunting task to decide which signature type is correct for your business.

To start, ask the following questions:

  • Does the signature need to uniquely link to the signer?
  • Do we want to make absolutely sure we can identify the signer?
  • Do we want to detect any changes to the document after digital signing?
  • Do we want to be 100% confident that the signature created was under the sole control of the signer?

If any of the above-mentioned questions are important to your organization, it is clear that you need digital signatures.

Digital signatures bring elements of trust that electronic signatures lack. The elements are:

  • Non-repudiation;
  • Document integrity;
  • Accurate time and date of signature; and
  • Binding evidence.

In order to digitally sign documents, the signer must first pass through a strong identity verification process. Once the signer has passed the verification process, a digital certificate will be issued to the signer. At the time of signing, the signer will have to pass through a strong authentication process to once again verify their identity. These verification processes provide non-repudiation, making it very hard for a signer to deny signing the document after the fact.

To protect the integrity of the document, public key cryptography is used to encrypt portions of the document during the signing process.

A trusted timestamp is placed on the document to serve as proof of the time and date that the document was signed.

Furthermore, the evidence is embedded into the signed document. Document readers, like the free Adobe Reader application, can interrogate the embedded evidence and display a message to the reader that the signature is valid and can be trusted.

Adobe Reader reports that the signature is valid.

Should a document be tampered with after a digital signature was applied, Adobe Reader will automatically detect the tampering and display a warning message. The mechanism protecting the document is so sensitive that it will even detect a white pixel added to a white background!


Adobe Reader reports that tampering was detected.
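
The integrity check described above, shown as an added example (not LAWtrust's or Adobe's code): in a typical signature scheme the signer's private key is applied to a hash of the document, and the verifier recomputes the hash and checks it against the signature with the public key. The sketch assumes textbook RSA without padding and a constructed demo key built from two publicly known Mersenne primes, so it illustrates the mechanism only; the document bytes and all names are constructed for illustration.

```python
import hashlib

# Constructed demo key built from two publicly known Mersenne primes.
# It is not secret and must never be used outside this illustration.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

# Constructed sample documents: the tampered copy only gains a trailing
# space, a change that is invisible on screen (like the white pixel above).
ORIGINAL = b"Contract 42: pay R1000 on delivery."
TAMPERED = ORIGINAL + b" "


def digest_int(document: bytes) -> int:
    """SHA-256 digest of the document as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> int:
    """Signer side: apply the private exponent to the document digest."""
    return pow(digest_int(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Verifier side: recover the signed digest with the public key and
    compare it with a fresh digest of the document as received."""
    return pow(signature, E, N) == digest_int(document)


def changed_digest_bits(a: bytes, b: bytes) -> int:
    """Number of digest bits that differ between two documents."""
    return bin(digest_int(a) ^ digest_int(b)).count("1")


if __name__ == "__main__":
    sig = sign(ORIGINAL)
    print("original verifies:", verify(ORIGINAL, sig))
    print("tampered verifies:", verify(TAMPERED, sig))
    print("digest bits changed:", changed_digest_bits(ORIGINAL, TAMPERED))
```

Production signing uses a padded scheme such as RSA-PSS or ECDSA from a vetted library, with the private key held under the signer's sole control.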

By bringing together all the elements of trust, a digital signature can be considered to be a high trust signature that will bring your organization peace of mind.

Next week we will look at a subset of digital signatures called Advanced Electronic signatures. Advanced Electronic signatures can only be issued by vendors that have been accredited by the South Africa Accreditation Authority and are considered, by South African law, to be the highest trust digital signatures.

Should you have any further questions about electronic and digital signatures, do not hesitate to get in touch with LAWtrust or take a look at our electronic signing solutions.