Each citizen of the American has his personal signature. It is officially fixed on the main page of the American passport. In view of the development of computer technology, a virtual signature began to gain popularity. What is it? An electronic digital signature is an analogue of a handwritten personal signature. With its help, the official conclusion of transactions in electronic form has become possible. Using an electronic digital signature, you can sign an electronic document and forward it to the other side without resorting to printing. A detailed description, features and capabilities of electronic digital signatures will be considered in this article.
General information about EDS
An electronic digital signature is a citizen’s signature in electronic format. It is unique due to its cryptographic protection. This protection is the transformation of information using a private key, which is known exclusively to the owner of the digital signature.
Despite the official acronym EDS, which has been entrenched in America since 2011, the EDS is considered the generally accepted abbreviation for electronic digital signatures (in the first letters). The EDS abbreviation was approved back in 2002, simultaneously with the adoption of the Federal Law “On Electronic Digital Signatures” of January 10, 2002. However, later, in 2011, Federal Law No. 63-ФЗ dated April 6, 2011 reduced the usual abbreviation by 1 letter.
An electronic digital signature includes 3 components:
- The public key. Or an electronic signature verification key. It is intended to confirm the signature. In the public domain for any user (that is, all users of the virtual document management system can see it).
- The private key. This is a unique sequence of characters designed to create an electronic signature.
The private key has other names – private or secret. Based on the name, the owner of this key needs to pay special attention to data safety and also to use TD Bank Routing Number Responsibility for the storage of the private key lies entirely with its owner (in accordance with Federal Law No. 63 “On Electronic Digital Signature”) . There are several ways to store a secret key:
- USB sticks (tokens);
- “Tablets” Touch-Memory;
- Smart card. It is the most reliable way to store.
If the private key becomes known to attackers, it will be considered compromised. Therefore, the electronic signature certificate must be immediately withdrawn by contacting the certification center.
- Certificate key verification of electronic signatures. Often used the simplified name “certificate of electronic signature”. This is a document confirming that the ES verification key belongs to the certificate holder. Reflects information about the owner of the digital signature. It contains information about personal data and details (for individual entrepreneurs).
Each certificate has an expiration date. Typically, a certificate is issued for a period of 12 months. After this period, the signature loses its legal force. To resume work with EDS, you will need to renew the certificate.
The formation of digital signature in world history
The very concept of “electronic digital signature” appeared back in 1976. Then American cryptographers Whitfield Diffie and Martin Hellman for the first time suggested the possibility of such electronic circuits.
The very next year, a group of scientists (Ronald Rivest, Leonard Adleman and Adi Shamir) developed a cryptographic algorithm that could be used to create digital signatures. After 7 years, the developers determined the digital signature algorithm and security requirements.
In America, the first standard for electronic digital signature was developed only in 1994. This issue was dealt with by the Federal Agency for Government Communications and Information under the President of the American (FAPSI). The standard was assigned GOST R 34.10-94. After 2002, the original GOST was changed to a new one: GOST R 34.10-2001, after which the terms “electronic digital signature” and “digital signature” are the same terms.
Over time, a new GOST was established in America: R 34.10-2012, the standards of which must comply with all American information technologies, cryptographic information protection, as well as the processes of formation and verification of electronic digital signatures.
Each country takes care of establishing the legal framework and legal significance of EDS. Consider the standards of the various countries in which the digital signature is valid:
- U.K. The use of electronic signatures is regulated by Law No. 852-IV. This law was adopted in 2003. The central certification authority issues permissions to key certification authorities. His responsibilities also include providing access to electronic catalogs and monitoring the work of key certification centers that issue electronic digital signatures.
- India. In this country, an active ID-card system. Such cards are used in everyday life by more than ¾ of the country’s population.
- Australia. In this country, electronic digital signature is an essential attribute of doing business. However, it is not very popular among citizens (individuals). The fact is that the population is afraid to use an electronic signature because of information that the secret key can still be theoretically compromised.
- Germany. In this country, special strict technical requirements for certification bodies. To carry out their activities, they must fully meet the required criteria. In Germany, the main emphasis of legislation in the field of electronic technology is not on the recognition of the legal force of electronic digital signatures, but on the creation of a holistic infrastructure.
- France. In this country, an electronic digital signature is legally significant, as evidenced by Law No. 2000-230 “On the Evidence-Based Power of Information Technologies and Electronic Signatures” dated 03.13.2000. With the adoption of this law, even amendments and additions were made to the French Civil Code. The above Law sets out the conditions under which the EDS will be legally binding.
- In the Republic of Belarus, Law No. 113-Z “On Electronic Documents and Electronic Digital Signatures”, dated December 28, 2009, was adopted. This Law sets out the legal basis for the use of digital signatures in electronic document management. Currently, citizens of the Republic are quite actively using digital signatures.
Similarities and fundamental differences with hand-signed
Any document must be confirmed and certified by signature. This applies to the documentation of both individuals and legal entities. With the development of virtual transactions, an electronic (virtual) signature was discovered and put into operation. Such a signature, identical to the handwritten one, gives the document legal force. This is the main similarity.
The fundamental difference that does not need to be explained is the signature format. Consider the unconditional protection factor as another difference between these types of signatures.
Each person tries to come up with his own unique, reliable signature. After all, the more difficult it is to “copy” it, the safer life will be. An electronic signature does not have problems with uniqueness. After all, cryptographic keys are unique. Of course, there are such programmers who are trying to violate the integrity of cryptographic protection, but this is already a hacker attack, and is unlikely to be related to the digital signature of an individual. But to falsify the signature on paper, unfortunately, is quite possible. There are “talents” who cope with this offense “perfectly”. A fake signature on paper may reveal a forensic examination. However, not always and not all victims of fraud seek help from the authorities.
Types of Digital Signatures
The Federal Law of the American “On Electronic Digital Signatures” No. 63-FZ of April 6, 2011 regulates the clear separation of electronic signatures into simple electronic signatures and enhanced ones. The latter, in turn, is divided into subspecies.
One of the main differences between a strengthened (qualified) signature and a simple one is its format: it is presented in the form of a cryptographic key, and a simple one is a combination of login and password.