What is an Electronic Signature?
With an electronic signature, it is possible to ensure document integrity and authenticity of origin.
- Learning Center
- What is EDI?
- What is an electronic invoice?
- What is GS1?
- What is the eIDAS Regulation?
- What is PEPPOL?
- What is an Electronic Signature?
EDICOM's Electronic Signature Services
A service to approve contracts and any type of document by using an electronic signature.
Advanced electronic document signature services from secure EDICOM signature creation devices.
What is electronic certification?
A digital certification is a document signed electronically by a certification service provider that links signature verification data to a signatory and confirms the signatory's identity. The signatory is the person who possesses a signature creation device and who acts on their own behalf or on behalf of a natural or legal person they represent.
To this end, the applicant is accredited by the certification authority and is unequivocally linked to the certificate. Thus, it provides a unique electronic identifier that allows you to carry out all types of electronic transactions requiring authentication.
Certificates must be issued by an accredited certification authority, integrated in a PKI (Public Key Infrastructure).
Uses for Electronic Certification
1. Electronic signature
Certification is used to sign all kinds of digital documents, from simple e-mails to the most complex commercial contracts. This means a non-repudiation guarantee, unequivocal knowledge of who the document sender is, and document integrity.
2. Communication security
Certifications codify communication between two people, making all transmitted information confidential. This guarantees that any document sent by either party is closed and can only be opened by the legitimate recipient.
3. Certified digitalization
The legislation of many countries allows an original paper document to be substituted with its digital equivalent. This ensures identical legal guarantees, provided that certain procedures, like digital signatures, are observed.
4. Personal identification
This allows for identity recognition in the digital or physical space, allowing or restricting access and recording identity.
5. Software signing
Digital certificates are used to sign software. This allows the entity using the software to ensure original status, know who created the software, and—most importantly—ensures that the signature is not modified after it is created.
How does an electronic signature work?
In an analog context, authenticity is proven by a handwritten signature. An individual or several individuals use it to acknowledge the content of a document and, if applicable, their commitment to comply with the obligations and agreements established therein.
In the context of electronic messages, confidentiality, integrity and authenticity are addressed through cryptography with electronic certificates and electronic signature processes. An electronic certificate is a piece of software. It explicitly identifies a person through a known public code and contains the certificate owner's data, as well as a private code known only by the certificate holder.
With these certificates, an electronic signature is obtained based on a process like this:
1. Certification transmission
The sender obtains the document summary or HASH. This establishes the message's unique digital imprint. If the message has any minor change, this imprint changes.
This HASH is encrypted with the sender's private code.
The receiver gets the message and the encrypted HASH.
Decryption is carried out with the sender's public code. If the process is carried out successfully, the origin of the message is guaranteed (the message is authentic).
5. HASH application
At the same time, the receiver applies the same HASH algorithm to the message as the sender. The imprint obtained is compared to the "decrypted" imprint. If they are the same, this verifies that the message has not been modified (the message is intact).
Certifications Issued by a Trusted Service Provider
These are issued by the registration authority of the Trusted Service Provider after reliable identification of the certificate holder. It normally involves the certificate holder going to the registration point so that the certificate can be issued once identity is authenticated.
These do not require prior identification of the certificate holder. They are usually associated with identification such as emails or cell phones, generating an association between the certificate data and its holder after the implementation of processes that involve communication through any of these means.
Certification Support Systems
Certification Support Software
These are hosted on the hard drive of one of the owner's devices. Their delivery usually involves sending the credentials by a conventional channel such as e-mail or through a download service from the trusted service provider's sites.
Certification Support Hardware
Issuing these certifications implies delivery on a device from which it cannot be removed. Thus, the certification requires the use of the device, which could be a cryptographic card.
The type of certification and signature creation device used will provide greater guarantees to the extent that we use secure signature creation systems based on recognized certifications. From here, there are 3 types of recognized signatures:
Simple Electronic Signature
This is the simplest and most-used signature. Its suitability will be determined by the nature of the transaction, and it is valid in many contexts. It is defined as "data in electronic form attached to, or logically associated with, other electronic data, used as a means of authentication".
Advanced Electronic Signature
This must meet the following requirements:
- Be uniquely linked to the signatory
- Allow identification of the signer
- Be created using means under the sole control of the signatory
- Be linked to the pertinent data in such a way that any subsequent changes are detectable.
Qualified Electronic Signature
This is the definition from eIDAS regulation. It refers to an advanced electronic signature on the device of a recognized certification. This type of signature was discussed in Directive 1999/93/EC, although it was not directly defined in the text of that law.