How Digital Signatures Work
This is the simplest version of how a Digital Signature works. A "Digital Signature" is slightly different than an "Electronic Signature", which is a broader term simply referring to any indication of agreement and identity.
A "Digital Signature" often refers to a Public / Private Key encryption system, the most common of which is "PGP", or "Pretty Good Privacy", which is a bit of humorous understatement as it's the basis of most military security and included in export regulations as a U.S. national security secret.
The way this works is each person has TWO keys, one private, kept secret, and one public, which you publish online, give away freely, paste on your website, and add to a type of "public address book" called a keyserver. Anyone who wishes to ensure that only you will open a message will need your public key.
The way a digital signature (public / private key encryption) works is:
- The public key can only unscramble what the corresponding private key has protected.
- The private key can only decrypt what the corresponding public key has encrypted.
Suppose Bob sends Jane a message, and both want to be sure it's kept secret.
Bob then encrypts the message using his personal private key (which ensures he's the only writer, since Jane will later retrieve Bob's "Public Key" from the key-server), and then encrypts it again, for the 2nd time, using Jane's public key (which requires her private key in order to read).
This ensures that Jane is the only reader, and Bob was the only writer.
Anyone who wanted to maliciously forge Bob's message would need access to Bob's private key. Once any message is encoded using Jane's public key, only her private key could make the message (or digital file) decipherable. Encrypting it only once using Jane's public key ensures she's the only reader, but anyone could have written it.
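The two-layer exchange described above, as an added example that is not part of the original article: textbook RSA in Python, with constructed demo keys built from well-known Mersenne primes (not secure). The names `seal`, `open_sealed`, `encrypt_only`, `decrypt_only` and the third party Mallory are assumptions made for illustration; real PGP signs a hash of the message and encrypts the body with a symmetric session key rather than applying RSA to the message directly.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Build textbook-RSA (public, private) keys from two primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed demo keys from well-known Mersenne primes: NOT secure.
# Jane's modulus is the largest, so any signed value fits inside it.
BOB_PUB, BOB_PRIV = make_key(2**521 - 1, 2**607 - 1)
JANE_PUB, JANE_PRIV = make_key(2**2281 - 1, 2**3217 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**1279 - 1, 2**2203 - 1)

def apply_key(key, value):
    """The single RSA operation: value ** exponent mod n."""
    n, exponent = key
    return pow(value, exponent, n)

def seal(message, sender_priv, recipient_pub):
    """Sender's private key first (authorship), then recipient's public key (secrecy)."""
    framed = b"\x01" + message + hashlib.sha256(message).digest()
    if len(framed) > 140:
        raise ValueError("message too long for the smallest demo key")
    signed = apply_key(sender_priv, int.from_bytes(framed, "big"))
    return apply_key(recipient_pub, signed)

def open_sealed(ciphertext, recipient_priv, sender_pub):
    """Undo both layers; return the message, or None if the sender check fails."""
    signed = apply_key(recipient_priv, ciphertext)
    value = apply_key(sender_pub, signed)
    framed = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if len(framed) < 33 or framed[0] != 1:
        return None
    message, digest = framed[1:-32], framed[-32:]
    return message if hashlib.sha256(message).digest() == digest else None

def encrypt_only(message, recipient_pub):
    """One layer: secret to the recipient, but no evidence of the writer."""
    return apply_key(recipient_pub, int.from_bytes(message, "big"))

def decrypt_only(ciphertext, recipient_priv):
    value = apply_key(recipient_priv, ciphertext)
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    note = b"Pay Jane $10"
    print(open_sealed(seal(note, BOB_PRIV, JANE_PUB), JANE_PRIV, BOB_PUB))
    print(open_sealed(seal(note, MALLORY_PRIV, JANE_PUB), JANE_PRIV, BOB_PUB))
    print(decrypt_only(encrypt_only(note, JANE_PUB), JANE_PRIV))
```

The second call shows a message produced with a different private key being rejected when Jane checks it against Bob's public key; the third shows that a single layer under Jane's public key decrypts cleanly no matter who produced it.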
As a practical matter, many people are concerned about legal enforceability. To date, there have been numerous legal cases in which digitally signed documents were used or referenced, and digital signatures have been legally binding since they were signed into law under President Clinton. Outside the U.S., laws vary by jurisdiction, though digital signatures are legally binding within the E.U.
To get a free trial of the iSignature electronic signature system, please visit us at iSignature.