What are digital signatures?

Try Zoho Sign

Introduction

A digital signature is exactly what it sounds like a modern alternative to signing documents with paper and pen.

It uses an advanced mathematical technique to check the authenticity and integrity of digital messages and documents. It guarantees that the contents of a message are not altered in transit and helps us overcome the problem of impersonation and tampering in digital communications.

Digital signatures also provide additional information such as the origin of the message, status, and consent by the signer.

The role of digital signatures

In many regions, including parts of North America, the European Union, and APAC, digital signatures are considered legally binding and hold the same value as traditonal document signatures.

In addition to digital document signing, they are also used for financial transactions, email service providers, and software distribution, areas where the authenticity and integrity of digital communications are crucial.

Industry-standard technology called public key infrastructure ensures a digital signature's data authenticity and integrity.

How do digital signatures work?

Using a mathematical algorithm, digital signing solution providers such as Zoho Sign will generate two keys: a public key and a private key. When a signer digitally signs a document, a cryptographic hash is generated for the document.

That cryptographic hash is then encrypted using the sender's private key, which is stored in a secure HSM box. It is then appended to the document and sent to the recipients along with the sender's public key.

The recipient can decrypt the encrypted hash with the sender's public key certificate. A cryptographic hash is again generated on the recipient's end.

Both cryptographic hashes are compared to check its authenticity. If they match, the document hasn't been tampered with and is considered valid.

sign-digital-signatures-sender-flow
sign-digital-signature-srecepient-flow

Some frequently asked questions

What is public key infrastructure?

Public key infrastructure (PKI) is a set of software, hardware, and procedures required to securely manage digital signatures. Each digital signature transaction includes a pair of keys: a public key and a private key. The public key will be made available to all those who need to validate the signer's e-signature. The private key is not shared with others and will be only used by the signer to e-sign documents.

Additionaly, PKI also enforces other requirements such as certificate authority (CA), enrollment software, a digital certificate, tools for keys, and certificates management.

What is a digital certificate?

A digital certificate contains the public key for a digital signature and also specifies the identity associated with the key. Digital certificates are usually issued by trusted authorities and valid for a specified period. The certificate authority will act as the guarantor in the whole process.

What is a certificate authority?

For each digital signature transaction, we require a public and private key. Those keys should be protected to avoid tampering of digitally signed documents. Certificate authorities are the industry-trusted organizations that are widely recognized for ensuring key security and digital certificates.

How Zoho Sign can help?

Zoho Sign provides you a simple, yet powerful user interface to digitally sign business documents. You can also automate the digital workflows as per your company's requirements and stay compliant with local and international e-signature standards.