Digital Signature

Digital Signatures: A better alternative for handwritten signatures

Digital signatures offer many advantages. Not only you know that a certain person has signed a specific document but that was also the exact information he signed. Once a digital signature has been placed the document cannot be altered anymore, or it will lead to an invalid digital signature. Next to that digital signatures can be used for many purposes such as contracts, payment instructions, confirmations but of course also to maintain the integrity of the data.

A digital signature is based on public key cryptography, which means that every user has a secret and a public key. The secret key is used to place a digital signature on e.g. a document and with the public key the signature can be verified. To maintain the integrity of the public key it will be made available in the form of a certificate. There are several levels of trust possible for certificates, ranging from self-signed to qualified certificates. Important for digital signatures is proof of identity of the holder of the certificate, and eliminating risks in the process as much as possible.

Each country, as well as the European Union has its own legislation or directive regarding the validation of digital signatures. If a digital signature complies with the legislation it is called a qualified signature. For a digital signature to be valid for EU legislation the whole process of issuing the certificate and signing the information has to comply with a technical framework called CWA. This framework describes the technical architecture to use and security measures to take to be compliant.

All AET Solutions support the use of digital and qualified signatures; The cryptographic middleware SafeSign Identity Client, the ConsentID Identity Provider and BlueX eID Management can be used to issue and use certificates complying to the digital signature legislation.