Electronic Signature

Basic concepts

Introduction

Security is one of the key concepts to which the administration, in the field of information and communication technologies (ICT), must pay greater attention: the administration has to extend the legal guarantees it offers citizens and businesses to procedures carried out in electronic form.

Electronically generated documents are associated with three properties that must be safeguarded: confidentiality, integrity and authenticity:

  • Confidentiality refers to the ability to keep an electronic document inaccessible to everyone except a given list of people.
  • Integrity guarantees that the document received matches the document issued, without any possibility of change.
  • Authenticity refers to the ability to determine whether a given list of people has expressed its recognition of and/or commitment to the content of the electronic document. For a traditional document, the problem of authenticity can be solved through the physical signature. Through their physical signature, one or several individuals express their willingness to recognize the content of a document and, where applicable, to comply with the commitments that the document sets for them.

These problems of confidentiality, integrity and authenticity (addressed by the signing and encryption processes) are resolved through cryptography. Cryptography is a branch of mathematics which, when applied to digital messages, provides the tools suitable for solving the problems mentioned above. The problem of confidentiality is commonly associated with techniques called encryption, and the problems of integrity and authenticity with techniques called digital signature, although in reality both reduce to cryptographic procedures for encryption and decryption.

What is asymmetric cryptography?

Asymmetric cryptography is the cryptographic method that uses a pair of complementary keys, public and private, to encrypt documents or messages. What is encoded with a private key requires the corresponding public key to be decoded. Conversely, what is encoded with a public key can only be decoded with the corresponding private key. The private key must be known only by its owner, while the corresponding public key can be distributed openly.

The fact that the private key is only known by its owner allows us to achieve two important things:

  • Any document generated from this key necessarily must have been generated by the key's owner (electronic signature).
  • A document to which the public key is applied can only be opened by the owner of the corresponding private key (electronic encryption).

What is an electronic certificate?

An electronic certificate is a document issued and signed by a certification authority that identifies a person (or legal entity) with a key pair. A certificate contains the following information:

  • Identification of the holder of the certificate (Name of the holder, NIF, email, …).
  • Distinguishing data of the certificate: serial number, issuing entity, issue date, certificate validity period, etc.
  • A key pair: public and private.
  • The electronic signature of the certificate, made with the key of the certification authority (CA) which issued it.

All this information can be divided into two parts:

  • Closed part of the certificate: private key.
  • Public part of the certificate: rest of certificate data, including the electronic signature of the certification authority which issued it.

The private part is never handed over by its owner. This is the basis of security. The key pair can be used to perform encryption functions, with the peculiarity that what is encrypted with the private key can only be verified with the public key, and vice versa.

What is an electronic signature?

  • It is not possible to recover the message from the generated fingerprint.
  • If the message changes, the resulting fingerprint is different.

These two features guarantee the integrity of the message. If the content of the message is changed, whoever verifies the signature will know.

The fingerprint corresponds with the private key of the certificate of the person signing. Using the mechanisms

How is an electronic signature generated?

  1. A fingerprint of the digital document to be signed is obtained. The fingerprint function ensures that two different documents produce different fingerprints and that two identical documents always produce the same fingerprint.
  2. The fingerprint is encrypted (by mathematical algorithms) with the private key of the certificate. This ensures authenticity, as the owner of the certificate is the only one who could have performed this encryption.
  3. Everything is encapsulated in a signed document that includes:
       • Original document (optional).
       • Fingerprint encrypted with the private key.
       • Public part of the certificate.

Verification of an electronic signature

  1. The fingerprint that was encrypted with the private key is decrypted using the public key of the certificate.
  2. The fingerprint of the original document is computed.
  3. The two fingerprints are compared. If they match, the signature is correct (integrity holds: the document has not been modified).
  4. The certification authority is consulted about the certificate's validity. If the certificate is valid, the signature is not only correct but also valid (the authenticity of the signature's origin is guaranteed).
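
The generation and verification steps above, carried through in code. This is an added example, not part of the original page: it uses a constructed toy key with textbook RSA and SHA-256 as the fingerprint function. The names CERT, sign, verify and revoked_serials are hypothetical; revoked_serials stands in for the certification authority's answer, and the authority's own signature on the certificate is not checked.

```python
import hashlib
from datetime import datetime, timezone

# Constructed toy key: textbook RSA built from two Mersenne primes, no padding.
# It mirrors the page's steps only; real signatures use random primes and a padded scheme.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                               # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, never leaves its owner
UTC = timezone.utc
CERT = {"holder": "Constructed Holder", "serial": 1001, "n": N, "e": E,
        "not_before": datetime(2024, 1, 1, tzinfo=UTC),
        "not_after": datetime(2026, 1, 1, tzinfo=UTC)}   # public part only

def fingerprint(document: bytes) -> int:
    """Fingerprint of the document (SHA-256 assumed) as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes, include_document: bool = True) -> dict:
    """Generation steps 1-3: fingerprint, encrypt with the private key, encapsulate."""
    return {"document": document if include_document else None,
            "encrypted_fingerprint": pow(fingerprint(document), D, N),
            "certificate": CERT}

def verify(signed: dict, document: bytes = None, now: datetime = None,
           revoked_serials=frozenset()) -> tuple:
    """Return (correct, valid) for a signed document."""
    cert = signed["certificate"]
    doc = signed["document"] if signed["document"] is not None else document
    # Step 1: decrypt the fingerprint with the certificate's public key.
    recovered = pow(signed["encrypted_fingerprint"], cert["e"], cert["n"])
    # Steps 2-3: recompute the fingerprint and compare (integrity).
    correct = doc is not None and recovered == fingerprint(doc)
    # Step 4: certificate validity (validity period and revocation status).
    now = now or datetime.now(UTC)
    cert_ok = (cert["not_before"] <= now <= cert["not_after"]
               and cert["serial"] not in revoked_serials)
    return correct, correct and cert_ok
```

A signature can be correct without being valid: a revoked or expired certificate yields (True, False), while a modified document yields (False, False).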