What is the Electronic Signature?

Basic concepts:

  • Security:

    Security is one of the key concepts to which the Administration, in the field of Information and Communication Technologies (ICT), must pay the utmost attention.

    The Administration must extend the legal guarantees it offers to citizens and companies to procedures carried out electronically. In a traditional document, the problem of authenticity is solved by the handwritten signature. By signing by hand, one or more individuals express their will to acknowledge the content of a document and, where applicable, to comply with the commitments that the document establishes for them.

  • These problems, confidentiality, integrity and authenticity (the defined processes of signature and encryption), are solved by the technology called cryptography. Cryptography is a branch of mathematics that, when applied to digital messages, provides the ideal tools to solve the aforementioned problems. The problem of confidentiality is commonly associated with so-called encryption techniques, and the problems of integrity and authenticity with so-called digital signature techniques, although both ultimately reduce to cryptographic encryption and decryption procedures.

    Asymmetric cryptography is the cryptographic method that uses a pair of complementary keys, public and private, to encrypt documents or messages. What is encoded with a private key needs its corresponding public key to be decoded. And vice versa, what is encoded with a public key can only be decoded with its private key. The private key must be known only by its owner, while the corresponding public key can be publicly disclosed.

    The fact that the private key is only known by its owner allows us to achieve two important things:

    • Any document generated from this key must necessarily have been generated by the owner of the key (electronic signature).
    • A document to which the public key applies can only be opened by the owner of the corresponding private key (electronic encryption).

    What is an electronic certificate? :

    An electronic certificate is a document issued and signed by a certification authority that identifies a person (physical or legal) with a key pair. A certificate contains the following information:

    • Identification of the certificate holder (Name of the holder, NIF, e-mail,…).
    • Identifying data of the certificate: serial number, entity that issued it, date of issue, period of validity of the certificate,...
    • A pair of keys: public and private.
    • The electronic signature of the certificate, made with the private key of the certification authority (CA) that issued it. This is the basis of security. With the key pair, encryption functions can be performed, with the peculiarity that what is encrypted with the private key can only be decrypted with the public key, and vice versa.

      What is an electronic signature? :

      An electronic signature is a fingerprint of a document encrypted with a key. The fingerprint is obtained by applying a mathematical algorithm to a message. This algorithm has two fundamental characteristics:

      • There is no possibility of retrieving the message from the generated fingerprint.
      • If the message is changed, the resulting fingerprint is different.

      These two characteristics guarantee the integrity of the message. If the content of the message is changed, the person verifying the signature will know.

      The fingerprint is encrypted with the private key of the certificate of the person signing. Applying the verification mechanisms, the recipient will know who signed and that person cannot repudiate the authorship of the message.

      How is an electronic signature generated? :

      1. A fingerprint of the digital document to be signed is obtained. This fingerprint ensures that two different documents generate different fingerprints and two equal documents always generate the same fingerprint.
      2. The fingerprint is encrypted (by mathematical algorithms) with the private key of the certificate. In this way, authenticity is guaranteed, since only the owner of the certificate could have performed this encryption.
      3. All documentation is encapsulated in a signed document that includes:
        1. Original document.
        2. Fingerprint encrypted with the private key.
        3. Public part of the certificate.

      How is an electronic signature verified? :

      1. The fingerprint that was encrypted with the private key is decrypted using the public key of the certificate.
      2. The fingerprint of the original document is obtained.
      3. The two fingerprints are compared. If they match, the signature is correct (there is integrity, the document has not been modified).
      4. The issuing certification authority is consulted for the validity of the certificate and, if it is valid, the signature is not only correct but also valid (the authenticity of the origin of the signature is guaranteed).
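
The generation and verification steps above, as an added example that is not part of the original page. It assumes SHA-256 as the fingerprint algorithm and unpadded RSA with a constructed demo key; the names `fingerprint`, `sign` and `verify` are hypothetical, and production signatures use a padded scheme from a vetted library.

```python
import hashlib

# Constructed demo key built from two publicly known Mersenne primes, so it
# protects nothing. Real keys are random and generated by a vetted library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                     # public part: modulus and exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, held only by the signer


def fingerprint(document: bytes) -> bytes:
    """Generation step 1 and verification step 2 (SHA-256 is an assumption)."""
    return hashlib.sha256(document).digest()


def sign(document: bytes) -> dict:
    """Generation steps 2 and 3: transform the fingerprint with the private
    key, then bundle document, signature and public part together."""
    h = int.from_bytes(fingerprint(document), "big")
    signature = pow(h, D, N)            # unpadded RSA, teaching form only
    return {"document": document, "signature": signature, "public": (N, E)}


def verify(envelope: dict) -> bool:
    """Verification steps 1 to 3. Step 4 (asking the CA whether the
    certificate is valid) is not modelled here."""
    n, e = envelope["public"]
    sig = envelope["signature"]
    if not 0 < sig < n:
        return False
    size = (n.bit_length() + 7) // 8
    recovered = pow(sig, e, n).to_bytes(size, "big")                 # step 1
    expected = fingerprint(envelope["document"]).rjust(size, b"\0")  # step 2
    return recovered == expected                                     # step 3


if __name__ == "__main__":
    env = sign(b"Constructed sample document")
    print("untouched document:", verify(env))
    print("modified document: ", verify(dict(env, document=b"Constructed sample d0cument")))
```

Steps 1 to 3 rely on the public key shipped inside the envelope, so on their own they show only that the document and the signature match that key; step 4 is what ties the key to the holder's identity.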