A digital signature is a block of data derived from a cryptographic transformation of an electronic document or its hash using the private key of a specific individual or organization. A digital signature is used to certify (sign) a document in electronic form, guarantee its integrity and immutability, and identify the signer.
A digital signature is a kind of electronic signature or eSignature (these terms cover any method of certification of electronic documents, even without the use of cryptography).
How digital signatures work
Since most digital signatures are based on an asymmetric encryption algorithm, a public and private key pair is required. These keys are issued to the respective individual (or organization), together with a certificate of ownership. Unlike encryption, in digital signatures the private key is used for signing, and the public key is used for verifying the signature. As a rule, special software is used for signing documents.
The feasibility of digital signatures based on symmetric algorithms is also being researched.
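The signing and verification flow described above, as an added example that is not part of the original page: a document hash is signed with a private key, and the public key then confirms the signer and exposes any later modification. The choice of ECDSA P-256 with SHA-256, the helper names, the sample contract text and the name-to-key directory standing in for certificates are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed signer: a fresh ECDSA P-256 key pair (hypothetical helper).
function newSigner(name) {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
  });
  return { name, privateKey, publicKey };
}

// Sign: SHA-256 hash of the document, transformed with the private key.
function signDocument(doc, privateKey) {
  return crypto.sign('sha256', Buffer.from(doc, 'utf8'), privateKey);
}

// Verify with the public key; a malformed signature counts as invalid.
function verifyDocument(doc, signature, publicKey) {
  try {
    return crypto.verify('sha256', Buffer.from(doc, 'utf8'), publicKey, signature);
  } catch {
    return false;
  }
}

// Stand-in for certificates: map of signer name -> public key.
// Returns the name whose key verifies the signature, or null.
function identifySigner(doc, signature, directory) {
  for (const [name, publicKey] of Object.entries(directory)) {
    if (verifyDocument(doc, signature, publicKey)) return name;
  }
  return null;
}

function demo() {
  const alice = newSigner('alice');
  const bob = newSigner('bob');
  const directory = { alice: alice.publicKey, bob: bob.publicKey };
  const contract = 'Contract 7: pay 100 EUR to supplier'; // constructed sample
  const signature = signDocument(contract, alice.privateKey);
  return {
    genuine: verifyDocument(contract, signature, alice.publicKey),
    modified: verifyDocument(contract.replace('100', '900'), signature, alice.publicKey),
    otherKey: verifyDocument(contract, signature, bob.publicKey),
    truncated: verifyDocument(contract, signature.subarray(0, 10), alice.publicKey),
    signer: identifySigner(contract, signature, directory),
    signerOfModified: identifySigner(contract + ' and 50 EUR fee', signature, directory),
  };
}

console.log(demo());
```

In a real deployment the directory lookup is replaced by validating the signer's certificate chain before the public key is trusted.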
Requirements for digital signatures
A digital signature must:
- Unambiguously identify the signer.
- Permit detection of whether a document was modified after signing.
To be valid, a digital signature must also comply with the legal requirements of the country in which it is used.
The digital signature’s certificate and keys can be stored on the signer’s computer, on the counterparty’s server (for example, a digital signature issued by a tax authority for signing declarations can be stored with the authority), as well as on a separate device (for example, a USB token or smart card).
Application of digital signatures
Digital signatures are used to certify contracts, tax documentation, laws and regulations, internal company documents and much more.
They are also employed in blockchain technology to authorize transactions.
Digital signature classes
There are three classes of digital signature certificates:
- Class 1. When issuing a certificate, the certification authority (CA) checks only the user’s name and email address. Such certificates provide a basic level of protection and are used if the risk of data compromise is low.
- Class 2. Certificates of this class require user identification, but they can be obtained remotely. A class 2 digital signature can be used, for example, to sign tax documentation.
- Class 3. To obtain a class 3 certificate, the user must go to the CA in person. This type of signature is used in electronic auctions and tenders, for filing lawsuits, and in other situations where the risk of data compromise is high.