Your “boss” is interested in the electronic signature, and he is right. He has asked you to carry out a study on the subject, but you know nothing about it! And the subject seems arduous: people talk to you about PKI, private keys, public keys, asymmetric cryptography… In short, you would like to see things more clearly. Do not panic, this post is for you: it compiles the main questions usually asked about the electronic signature.
The electronic signature is to a digital document what the handwritten signature is to a paper document. Just like a paper signature, an electronic signature has the sole purpose of demonstrating to a third party that the document has been approved by an identified person. It is a reliable commitment mechanism based on cryptographic techniques.
Yes. Today, writing in electronic form is admitted as evidence in the same way as writing on paper, provided that the person from whom it originates can be duly identified and that it is drawn up and kept under conditions that ensure its integrity. The legislation (and in particular article 1316 of the Civil Code) defines the electronic signature as “the use of a reliable identification process guaranteeing its connection with the act to which it relates”.
The electronic signature mainly offers:
1. The ability to sign a document without printing it (saving paper);
2. The possibility of sending the document by e-mail (saving postage);
3. The possibility of signing a document without meeting one another (less travel);
4. The possibility of keeping the document in digital format (simpler archiving, with no paper to store).
The electronic signature differs from the handwritten signature in that it is not visual but corresponds to a number or a series of numbers. Indeed, the signature operation applies to a file and produces binary information commonly referred to as an electronic or cryptographic signature. This signature is linked not only to the file but also to the person who signed the document.
However, a number of software programs, including Adobe Reader, automatically verify each signature when the document is opened and display a visual validation message, which gives the electronic signature a visible form after all.
Whatever its format, it is very easy to modify the contents of a digital file to one's advantage without leaving a trace and without anyone knowing who modified it. Conversely, it is impossible to attach a reliable identity to an electronic document without a specific tool. It is therefore necessary to call upon cryptology, which is, etymologically, the “science of secrecy”.
It encompasses cryptography – secret writing – and cryptanalysis – analysis of the latter. Electronic signature and all electronic evidence management mechanisms rely entirely on this science.
You can sign all types of files without exception (Word, PDF, JPG, XML, etc.). That said, a good practice is to use the widespread PDF format, which offers good document stability and allows several electronic signatures to be embedded.
No! Contrary to conventional wisdom, a signature operation does not encrypt the document. It does not change it either. The document remains legible in plain text by your usual software.
For a digital document, the electronic signature guarantees:
1. The identity of the signatory;
2. The non-repudiation by the signatory of the signed document;
3. The integrity of the signed document, that is, the absence of any modification.
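The points above (signing neither encrypts nor alters the document, and the signature is bound both to the exact content and to the signer's key) can be checked directly. The following Go program is an added example, not code from the original post; it uses Ed25519 from the Go standard library, and the names `Signer`, `NewSigner`, `Verify`, `FlipBit` and the sample contract text are assumptions made for illustration. The link between a public key and a real identity, which a certification authority provides, is outside its scope.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signer is a hypothetical key holder. In practice a certificate from a
// certification authority binds Pub to a verified identity.
type Signer struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewSigner(name string) Signer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Signer{Name: name, Pub: pub, priv: priv}
}

// Sign returns a detached signature; doc is only read, never rewritten.
func (s Signer) Sign(doc []byte) []byte { return ed25519.Sign(s.priv, doc) }

// Verify reports whether sig was made over exactly doc by the holder of pub.
func Verify(pub ed25519.PublicKey, doc, sig []byte) bool {
	return ed25519.Verify(pub, doc, sig)
}

// FlipBit returns a copy of doc with a single bit inverted.
func FlipBit(doc []byte, byteIdx int, bit uint) []byte {
	out := append([]byte(nil), doc...)
	out[byteIdx] ^= 1 << bit
	return out
}

func main() {
	alice, bob := NewSigner("Alice"), NewSigner("Bob")
	doc := []byte("Constructed sample contract: pay 100 EUR to Bob.")
	before := string(doc)
	sig := alice.Sign(doc)
	fmt.Println("document still readable and unchanged:", string(doc) == before)
	fmt.Println("valid for Alice, original document:", Verify(alice.Pub, doc, sig))
	fmt.Println("valid after a one-bit change:", Verify(alice.Pub, FlipBit(doc, 0, 0), sig))
	fmt.Println("valid against Bob's public key:", Verify(bob.Pub, doc, sig))
}
```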
To electronically sign a digital document, you will need:
– The document in question;
– An online electronic signature software or service;
– A verified digital identity or an electronic certificate.
Producing an electronic signature of the cryptographic type requires what is commonly called an “electronic certificate”. This electronic certificate is equivalent to a digital identity card that certifies a person's identity with certainty. It makes it possible to sign digital documents with the guarantee that the identity of the signatory is recognized without ambiguity or dispute.
Concretely, it is an electronic file containing a certain amount of personal information (name, first name, etc.) as well as a private key used to carry out cryptographic signature operations. It can take the form of a simple software file or of a hardware device (smart card, SIM card, cryptographic USB key, token), or it can be hosted in the cloud.
The electronic certificate is issued by a so-called certification authority, whose role is to verify the identity of the signatory and to make the connection between the private signature key and that identity.
Issuing a signature certificate requires a number of identity verification operations:
– At the very least, sending photocopies of identity documents, for the most flexible procedures;
– A visit in person by the applicant to the certification authority, with face-to-face identity verification, for the most advanced certification policies. During this stage, the applicant presents his identity papers in order to be handed the certificate.
To sign a document, you will generally need to perform a number of steps:
1. View the document to be signed;
2. Click on a “sign” button;
3. Select the certificate, or insert it into your computer if it is a USB key;
4. Type a PIN code.
No. For the reasons mentioned above, this signature offers no guarantee as to the identity of the signatory and makes identity spoofing very easy. A scanned handwritten signature can easily be reproduced identically with good image editing software.
In court, digitizing a signature is tantamount to copying it: on the level of proof, it is at best equivalent to a beginning of proof in writing.
There is no real official distinction between the two. However, the term “electronic signature” is used in the legislation. The term “digital signature” is generally used to define the technical principle of the signature (also referred to as a “cryptographic signature”) and not the act of affixing consent to a document by an identified person.
While the electronic signature involves the affixing of a name to a digital document, the timestamp consists of affixing a date to a file in the form of a timestamp token.
A timestamp token guarantees:
– The existence of a file on a given date;
– That it has not been modified to the nearest bit since that date (principle of integrity). Like the electronic signature, the time stamp guarantees the integrity of the document.
It is strongly recommended to associate a timestamp with each electronic signature.