The electronic signature or telesignature (or e-signature) is a digital imprint that places its mark on a digital document. It is similar to a handwritten signature, and enables you to sign electronically an e-mail, a contract, an invoice, an agreement, and so on. It is legally valid if the document is in a valid electronic signature format.
It reduces paper, mailing, reception and storage costs.
1. Electronic signature of documents
For example, on October 1, 2010, Quebec became the first province in Canada to make the electronic signature of official documents mandatory. All official documents must be signed in a valid electronic signature format (XML or PDF) to be legally valid in Quebec. So there’s a law you need to know.
What are the exceptions?
You can still manually sign an official document if :
– This document was received or created by the Ministry of Justice, the Ministry of Finance or a department of a public body.
– You are unable to sign electronically (due to technical inaccessibility, for example).
– You have decided not to use the electronic signature, even though it is mandatory.
However, you must find a way to prove that you have signed the written request and that you are fully aware of what you have signed.
Imagine a company that uses thousands of stamps every year. If all powers of attorney, letters, notices and energy accounts had to be sent by post, more than 15,000 tonnes of paper would be needed just for stamps. And that’s not counting the time needed to pack, prepare and distribute the e-mails. By using the electronic signature, anyone can send a written request instead of an e-mail.
In short, an agreement, contract or understanding must be signed in writing by the person concerned. If you sign an official document online, it must be in a valid format and electronically signed in accordance with e-Law and e-Government.
2. Use the electronic signature
To use the electronic signature with Outlook , proceed as follows :
1. In the File menu, click on Options.
2. Click on Signature and Options in the left-hand panel.
3. On the Signature authentication procedure tab, choose the signature authentication method you wish to use. For more details on signature authentication methods, see comments below.
4. Click on OK
There are also online applications that can be used to create and sign documents.
For example, W3C (World Wide Web Consortium) has developed an international standard called Web Services Security: Signature and Encryption Specification (SES). A number of companies are developing electronic signature applications based on this standard.
There are different types of signature authentication methods:
Digital certificate: The digital certificate is an essential element in the creation of an electronic signature. It’s a kind of digital ID that identifies the operator of the electronic signature and is used to authenticate the electronic signature.
Account certificate: The account certificate is an essential element in the creation of an electronic signature. It is used to authenticate the account on which the transaction is carried out.
Public key encryption: Public key encryption lets you transmit confidential documents in total security. This method consists of two steps:
– First, we create a confidential document.
– It is then encrypted using a public key.
Similarly, private key encryption enables data to be encrypted using the recipient’s private key (symmetrical encryption).
The two-key encryption method (also known as asymmetric encryption) can also be used to communicate confidential information over the Internet, in two stages:
– First, we create a confidential document.
– It is then encrypted with the public key of the person for whom it is intended, and finally decrypted with that person’s private key.
3. Electronic signature security
To benefit from the advantages described above, electronic signatures must be secure. The signature protocol used (encryption method used) and the data used (certificate, private key, etc.) must be known and mastered by the user. Let’s see how it works in practice.
The electronic signature begins with the creation of a confidential document: this document is called the signature key. We then want to authenticate it, i.e. guarantee its provenance (the person who created it) and veracity (that it has not been modified).
Authentication of the electronic signature is performed using the signatory’s public key, which is used to encrypt the document (the hash) and sign it with his or her private key. Then we send it to the recipient. The latter can then decrypt it using the signatory’s public key. It then checks that this is the original document (decryption with the signer’s private key) and that it has not been modified (compare the original hash with the new hash).
If all goes well, he can be sure that the document has been sent to him by his correspondent, and that it is original and unaltered. It will therefore be valid and accepted.
Here’s a concrete example:
You want to send a confidential document to someone you trust. You create a signature key with the gpg –gen-key command and use this key to encode the document. Then you send the message and signature to the recipient. It decodes the document with your public key (–decode) and checks that it hasn’t been damaged en route. He can be sure that the person who signed it is the right one, and that it’s the original message.
Conclusion on electronic signatures
The electronic signature is a very practical way of securing exchanges. It guarantees the identity of the correspondent and the origin of the document. It’s an alternative to handwritten signatures.
However, there are other ways of signing a document electronically:
Authentication: a feature of the SSL (Secure Socket Layer) protocol. It authorizes the establishment of a secure connection between the user and the Web server. During connection, the Web server asks the user to provide a login and password. These are sent to the server in an encrypted string, and the session is established. Once this step has been completed, the user accesses the secure part of the site. Authentication is also used to authenticate data sent by the client (integrity check).
To do this, the server asks the client to calculate a certain function (algorithm) on a set of data to be transmitted, and to send it the result. It can then check that the function obtained is indeed that of the client (verifies where the transmission comes from) and that it has not been altered (integrity check).
There are other types of electronic signature. The world of the Internet is constantly evolving.
Article source: www.instants-web-hosting.fr