General : What is a Digital Signature?

  • Article

 A digital signature is used to authenticate (The process of verifying that people and products are who and what they claim to be. For example, confirming the source and integrity of a software publisher's code by verifying the digital signature used to sign the code.) digital information — such as documents, e-mail messages, and macros — by using computer cryptography.

Digital signatures helps us,  

To establish the following assurances:

  • Authenticity   The digital signature helps to assure that the signer is who they claim to be.
  • Integrity   The digital signature helps to assure that the content has not been changed or tampered with since it was digitally signed.
  • Non-repudiation   The digital signature helps to prove to all parties the origin of the signed content. "Repudiation" refers to the act of a signer's denying any association with the signed content.

To make these assurances, the content must be digitally signed by the content creator, using a signature that satisfies the following criteria:

  • The digital signature is valid (Refers to the status of a certificate checked against a certificate authority's database and found to be legitimate, current, and not expired or revoked. Documents signed by a valid certificate and not altered since signing are considered valid.).
  • The certificate (A digital means of proving identity and authenticity. Certificates are issued by a certification authority, and like a driver's license, can expire or be revoked.) associated with the digital signature is current (not expired).
  • The signing person or organization, known as the publisher, is trusted (The developer of a macro that is trusted by you on your computer. The trusted publisher is identified by the certificate that they used to digitally sign the macro. Also known as a trusted source.).
  • The certificate associated with the digital signature is issued to the signing publisher by a reputable certificate authority (CA)  (A commercial organization that issues digital certificates, keeps track of who is assigned to a certificate, signs certificates to verify their validity, and tracks which certificates are revoked or expired.).