Electronic signatures are alternatives to handwritten signatures and they enable paperless transaction. This, in turn, allows business processes to be significantly expedited. Electronic signatures are legally accepted, and are as good as handwritten signatures. In fact, the market already has some trailblazing e-signature solutions that help businesses speed up and simplify their sales processes.
However, to establish the authenticity of the electronic signature, it is important that these are securely created. By deploying cryptography techniques it is ensured that the electronic signature is authentic – the electronic signature belongs to the intended person and the integrity of contents of the signed document have not been compromised.
Cryptography Secures E-Signatures
The technique of cryptography (if the term seems bewildering, just remember that it involves encrypting information at one point and decrypting it at other points, generally by using a key to decipher the cipher text) has evolved greatly since it was developed. It has been practiced since ages, but to address the current needs, it has significantly changed.
In the current context of security needs, public key cryptography is used to secure electronic signatures. With public key, cryptography electronic signatures are sent securely. Besides, the technique also allows them to be coupled with the electronic document to be signed. All this may sound like gobbledygook to the uninitiated, so let’s take a close look at how it works.
How public key cryptography works
Public key cryptography was developed to overcome the limitations of symmetric key encryption.
- Symmetric key encryption involves only a single secret key and both sender and recipient share the same key which is used to both encrypt and decrypt messages.
- Sender and receiver only have to spell out the shared key in the start and then they can commence to encrypt and decrypt messages between them using that key.
- However, symmetric key cryptography was not a practical solution when it meant dealing with large number of people on a network.
- There is a logistic problem of communicating the symmetric key to a large number of people.
Public key cryptography is also known as asymmetric-key encryption, and
- It uses two different keys at once.
- The keys are a combination of a private key and a public key.
- The private key as the name suggests is known only to your computer, while the public key is provided by your computer to the computer it needs to securely communicate with.
- The message is sent in an encrypted form and is decoded by the other computer using a private key which is specifically intended for that computer.
- The message that is sent across the internet is available to all since the public key used for encrypting the message is published and available to all.
- But the reader may not be able to make sense out of the message as he may not be decrypt it without having a private key.
- Only the intended recipient will receive the private key.
Public key cryptography has been widely accepted as a tool for creation of digital signature because of the important advantages it offers:
1) Authentication – The recipient can verify that the message he has received was only sent by the person whom he believes to be.
2) Find out if there has been any tampering – A digital signature created using public key cryptography allows the recipient to know if the message in the document was changed or tampered with during the transit.
3) Non Repudiation –In public key cryptography, since the user is the only one who has access to the private key, he cannot deny having sent it. Hence, it is as good as a handwritten signature.
4) Convenience – Unlike symmetric key encryption, in public key cryptography you need not worry about distributing the key. The public key is published and is known to all, while the private key is kept secret.
Public-key cryptography is a major advancement in cryptography technology. It is a breakthrough, compared to symmetric-key cryptography, and is one of the major reasons why e-signature is considered valid legally.
Author Bio :-
Mrunal Khatri is associated with Signder, an innovative and comprehensive e-sign and mobile sales documentation software. Do you face problems with digital signing, workflow management and mobile sales management? Signder will resolve all issues in one stroke. You can contact on Facebook, google+, Twitter, Youtube.