General : What is a Digital Signature?
A digital signature is used to authenticate (The process of verifying that people and products are who and what they claim to be. For example, confirming the source and integrity of a software publisher's code by verifying the digital signature used to sign the code.) digital information — such as documents, e-mail messages, and macros — by using computer cryptography.
Digital signatures helps us,
To establish the following assurances:
- Authenticity The digital signature helps to assure that the signer is who they claim to be.
- Integrity The digital signature helps to assure that the content has not been changed or tampered with since it was digitally signed.
- Non-repudiation The digital signature helps to prove to all parties the origin of the signed content. "Repudiation" refers to the act of a signer's denying any association with the signed content.
To make these assurances, the content must be digitally signed by the content creator, using a signature that satisfies the following criteria:
- The digital signature is valid (Refers to the status of a certificate checked against a certificate authority's database and found to be legitimate, current, and not expired or revoked. Documents signed by a valid certificate and not altered since signing are considered valid.).
- The certificate (A digital means of proving identity and authenticity. Certificates are issued by a certification authority, and like a driver's license, can expire or be revoked.) associated with the digital signature is current (not expired).
- The signing person or organization, known as the publisher, is trusted (The developer of a macro that is trusted by you on your computer. The trusted publisher is identified by the certificate that they used to digitally sign the macro. Also known as a trusted source.).
- The certificate associated with the digital signature is issued to the signing publisher by a reputable certificate authority (CA) (A commercial organization that issues digital certificates, keeps track of who is assigned to a certificate, signs certificates to verify their validity, and tracks which certificates are revoked or expired.).