Digitalization and the almost constant use of the Internet in business have led to a growing need for secure and reliable authentication of exchanged information and documents. Because of that, the digital signature has become one of the most important and most widely used cryptographic tools today. Its main role is to confirm the identity of the sender of a message or the signatory of a document, and to provide proof that the content of the message or document sent to the final recipient has remained unchanged.
Digital signature is not…
Although it comes to mind first, a digital signature is not a scanned image of a handwritten signature. The scanned signature image is, alongside the digital and the biometric signature, a type of electronic signature, but it is only a representation of the handwritten signature in electronic form and therefore cannot have the same effect as the handwritten signature.
The reason is that the scanned image of a signature does not meet the level of reliability required in electronic business: it is easily copied and forged by third parties, and it cannot be subjected to graphological analysis, i.e. establishing the authenticity of the signature.
What is a digital signature?
A digital signature is a set of data in electronic form that is added to or logically associated with an electronic message or document and serves as a method of identifying the signatory. The purpose of the digital signature is to confirm the authenticity of the content of the message (proof that the message has not changed on the way from sender to recipient), as well as to guarantee the identity of the sender of the message. Digital signatures are based on asymmetric cryptography and, if properly implemented, a digital signature is much harder to falsify than a traditional signature.
What does exchanging messages that are digitally signed look like?
Let’s suppose that two people want to exchange signed messages (data) and want to be sure of the identity of the person whose message they received. First, both parties must create a pair of complementary keys, a public key and a secret key. After creating them, the two sides exchange their public keys.
Using cryptographic algorithms, the sender first creates, from a message of arbitrary length, a record of fixed length that fully reflects the content of the message. This means that any change in the content of the message leads to a change of signature. So, the sender creates a digital signature based on the message they want to send: the record is encrypted with the sender's secret key and sent along with the message. Upon receipt of the message, the recipient decrypts the sender's signature with the sender's public key. The recipient then creates the same fixed-length record from the message received and compares it to the one recovered from the signature.
If the two are identical, the recipient can be sure that the message was actually sent by the real sender (because the signature was successfully decrypted with the sender's public key) and that it arrived unchanged (because the two records were found to be identical).
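The exchange described above, as an added example that is not part of the original article: the sender hashes the message with SHA-256 and transforms the digest with the secret key, and the recipient recovers it with the public key and compares. The keys are constructed toy values built from well-known Mersenne primes and no padding is used, so this shows the mechanism only; real systems use a vetted library with a padded scheme such as RSA-PSS.

```python
import hashlib

E = 65537  # commonly used public exponent

def make_keypair(p, q):
    """Build a textbook RSA key pair from two primes (toy helper)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # secret exponent (Python 3.8+)
    return (n, E), (n, d)              # (public key, secret key)

def digest(message: bytes) -> int:
    """Fixed-length record of an arbitrary-length message (SHA-256)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, secret_key) -> int:
    """Sender: transform the digest with the secret key."""
    n, d = secret_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient: recover the digest with the public key and compare
    it with a digest computed from the message actually received."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)

# Constructed toy keys. Mersenne primes make the modulus trivially
# factorable, so these keys must never be used outside this demo.
SENDER_PUB, SENDER_SEC = make_keypair(2**127 - 1, 2**521 - 1)
OTHER_PUB, _ = make_keypair(2**107 - 1, 2**607 - 1)

def demo():
    msg = b"Pay 100 EUR to account 12345"  # constructed sample message
    sig = sign(msg, SENDER_SEC)
    return {
        # Unchanged message, correct public key: accepted.
        "genuine": verify(msg, sig, SENDER_PUB),
        # One character changed in transit: digest no longer matches.
        "altered_message": verify(b"Pay 900 EUR to account 12345", sig, SENDER_PUB),
        # Checked against someone else's public key: rejected.
        "wrong_public_key": verify(msg, sig, OTHER_PUB),
    }

if __name__ == "__main__":
    print(demo())
```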
How can we “get” a digital signature?
The digital signature is issued by an authorized certification body, entered in the Register of Certification Authorities, by issuing a qualified electronic certificate. The Certification Authority (CA) is an intermediary, a “trusted third party” in electronic communication between the two parties.
There are still many open questions about the application of digital signature in practice, but its advantages are obvious, and the most important and most common are:
• simplification of administration
• saving time and money
• authentication and protection of user integrity
• the possibility of harmonization with areas such as e-business, e-commerce, e-banking and payment systems
• elimination of the need for physical exchange of documents by courier (such as DHL) or by mail
• the ability for the document to be digital in its original form
Digital signature in Serbia
In Serbia, the electronic signature is provided for and regulated by law, namely the Law on Electronic Document, Electronic Identification and Services of Trust in Electronic Business.
The use of electronic signatures is steadily increasing. Incentives from the competent Ministry, accompanied by legal acts and opinions, certainly encourage wider application of electronic signatures.
If you want, you can get your electronic certificate from as many as six competent institutions. Competent certification bodies for issuing qualified electronic certificates in Serbia are:
• Post certification authority
• PKS Certification Authority (PKS CA)
• Certification body of the Ministry of the Interior of the Republic of Serbia
• HALCOM BG CA
• ESS CA
• Certification authority of the Ministry of Defense and the Serbian Army
Digitalization and the increasingly frequent use of the Internet in business applications have led to the need for secure and reliable authentication of documents. Digital signatures are therefore increasingly approaching classic signatures in terms of frequency of use and the importance of the documents they sign, and it is only a matter of time before they make classic signatures redundant.