A digital signature is a process that guarantees that the contents of a message have not been altered in transit.
When you, the server, digitally sign a document, you add a one-way hash of the message content, encrypted with the private key of your public and private key pair.
Your client can still read it, but the process creates a "signature" that only the server's public key can decrypt. The client, using the server's public key, can then validate the sender as well as the integrity of message contents.
Whether it's an email, an online order or a watermarked photograph on eBay, if the transmission arrives but the digital signature does not match the public key in the digital certificate, then the client knows that the message has been altered.
How does a Digital Signature Work?
The digital signature can be considered as a numerical value that is represented as a sequence of characters. Creating a digital signature is a complex mathematical process that can only be carried out by a computer.
Consider a scenario where Alice has to digitally sign a file or an email and send it to Bob.
- Alice selects the file to be digitally signed or clicks on 'sign' in her email application
- The hash value of the file content or the message is calculated by Alice's computer
- This hash value is encrypted with Alice's Signing Key (which is a Private Key) to create the Digital Signature.
- Now, the original file or email message along with its Digital Signature are sent to Bob.
- After Bob receives the signed message, the associated application (such as email application) identifies that the message has been signed. Bob's computer then proceeds to:
  - Decrypt the Digital Signature using Alice's Public Key
  - Calculate the hash of the original message
  - Compare the (a) hash it has computed from the received message with the (b) decrypted hash received with Alice's message.
- Any difference in the hash values would reveal tampering of the message.
How do I create a Digital Signature?
You can obtain a digital signature from a reputable certificate authority such as Sectigo, or you can create it yourself. You need a digital certificate to digitally sign a document. However, if you create and use a self-signed certificate the recipients of your documents will not be able to verify the authenticity of your digital signature. They will have to manually trust your self-signed certificate.
If you want the recipients of your documents to be able to verify the authenticity of your digital signature, then you must obtain a digital certificate from a reputable CA. After downloading and installing the certificate, you will be able to use the 'Sign' and 'Encrypt' buttons on your mail client to encrypt and digitally sign your emails. This makes more sense in a business scenario, as it assures the recipient that it was genuinely sent by you and not by some impersonator.
Other Uses for Digital Signature
Sometimes you need proof that the document came from you and no one has tampered with it since you sent it. Digital Signature with your SSL Certificate fills the bill.
On the other hand, sometimes you need to prove that a document came from someone else and has not been altered along the way. In legal matters, for example, you may need to prove that a contract has not been altered since someone sent it as an email.
Because the computer tenaciously pairs the Digital Signature to one saved version of the document, it is nearly impossible to repudiate a digitally signed document.
Or, if you are a developer distributing software online, you may need to reassure your customers that your executables really are from you. Put a Code Signing Certificate in your toolkit.
Types of digital signatures
Different document processing platforms support and allow the creation of different types of digital signatures.
- Adobe supports certified and approval digital signatures
- Microsoft Word supports visible and non-visible digital signatures
Adding a certifying signature to a PDF document indicates that you are the author of the document and want to secure the document against tampering.
Certified PDF documents display a unique blue ribbon across the top of the document. It contains the name of the document signer and the certificate issuer to indicate the authorship and authenticity of the document.
Approval signatures on a document can be used in your organization's business workflow. They help optimize your organization's approval procedure. The process involves capturing approvals made by you and other individuals and embedding them within the PDF document.
Adobe allows signatures to include details such as an image of your physical signature, date, location, and official seal.
Visible Digital Signatures
These allow a single user or multiple users to digitally sign a single document. The signatures would appear on the document in the same way as signatures are applied on a physical document.
Invisible Digital Signatures
Documents with invisible digital signatures carry a visual indication of a blue ribbon in the task bar. You can use invisible digital signatures when you do not have to or do not want to display your signature, but you need to provide indications of the authenticity of the document, its integrity, and its origin.