With the digital revolution, many tasks in banking, administration and business can now be completed online. This includes sending or receiving contracts, as well as opening accounts. But this digitisation obviously raises security questions about author identity and the integrity of the documents received. One answer to this issue is the digital signature. myLIFE explains how it works.
At the turn of the century, in the wake of an exponential increase in digital business-to-business or business-to-client interactions (especially those of a commercial nature), it became necessary to establish a legal framework for contracts in an electronic format. How could the digital conclusion of contracts be normalised, and how could the integrity of electronic documents be guaranteed? A well defined and accessible legal framework exists for handwritten signatures, but what about electronic ones?
The validity of contracts concluded electronically was officially defined in the Law of 14 August 2000 on electronic commerce. Just like its handwritten equivalent, therefore, the digital signature has a specific legal status.
A digital signature (the mechanism behind many electronic signatures, or e-signatures) is a computational procedure that can be used to formally identify the author of a document, be it an individual or a company. It can also be used to ensure a document’s integrity, or guarantee that it wasn’t tampered with or fraudulently altered between the moment it was signed and when it is viewed.
Like a handwritten signature, a digital signature is officially binding upon the person (or entity) that signed the document or sent it to be countersigned.
Like a handwritten signature on a printed document, a digital signature is officially binding upon the person (or entity) that signed the document or sent it to be countersigned.
How does it work?
Let’s use an example to illustrate how digital signatures work. Imagine that company X wants to send a document to company Y with a guarantee that the document is genuine and will reach the recipient unaltered.
First, company X would transform the document into something called a “hash”. In layman’s terms, they would use a special software to create a unique digital version of that document in the form of a string of letters and numbers. In this way, the document can’t be changed without also changing this digital identity. But that’s only the first step – the actual digital signature is created in the second step.
The hashing procedure also generates two numeric keys: one public and one private. The private key is used to encrypt the hash, and the encrypted hash is the digital signature.
The document is then sent to company Y, together with the public key. This key can be used to decipher the encryption and return the hashed document to its original form. For this to work, the digital identity must be exactly the same as when it was generated. If it is, it means the document can’t have been altered. It is therefore considered authentic and its author can be clearly identified.
To ensure the integrity of digital signatures, there are specialised authorities like LuxTrust that are in charge of issuing electronic certificates.
Who’s in charge?
When working with locks and keys, you have to guarantee that they come from a trustworthy source. To ensure the integrity of digital signatures, there are specialised authorities like LuxTrust that are in charge of issuing electronic certificates. These are documents with information that is required in order to generate a digital signature.
What does it look like?
Unlike a signature on paper, you can’t see a digital signature on a document. It is actually a series of characters embedded in it. We won’t go into detail, but suffice it to say they resemble the lines of code you might see on the screen of a software developer.
And be careful not to confuse a digital signature with an “electronic signature”, which is sometimes nothing more than a handwritten signature made with a stylus on a tablet.
In addition to being much more practical and environmentally friendly – no more papers to sign and then archive – digital signatures are much harder to forge than handwritten ones. The technology needed to “unlock” these electronic lock and key systems isn’t available to your average hacker; far from it!