Digitally Signing Digital Documents

Use

You digitally sign digital documents for the same reasons that you sign ordinary documents. Because of the way you create digital signatures, you can also verify the integrity of the document. If the document has been changed after being signed, then the process of verifying the signature fails.

For more information, see Verifying Digital Signatures.

Reasons for digitally signing documents include the following:

  • To state that you have read or approved the document, for example, approving requests

  • To obligate yourself to the terms of the document, for example, closing paperless contracts or purchasing products over an online catalog

  • To protect data integrity, for example, signing archives for auditing purposes

Prerequisites
  • You possess a pair of keys.

    One key is public; the other key is private. How you obtain these keys depends on the public-key infrastructure of your organization.

  • You have a digital document to sign.

Process

As a business user, you indicate that you want to sign a document and the system does the rest.

Note

This step may also include a part of a business workflow where the system requests a digital signature before proceeding. You need to give the system explicit access to your private key, for example, by providing a PIN or passphrase that allows the system to access the smart card or file where your private key is stored.

The figure below illustrates what happens when you digitally sign a document:

Figure 1: Digitally Signing a Digital Document

The following explains what happens at each step:

  1. A hash algorithm is applied to the document or message.

    The result is a message digest for the document. This message digest represents a unique fingerprint for the document. If a cryptographic hash algorithm is used, then it should be computationally infeasible to find another meaningful input message that produces the same digest.

  2. The private key of the signer is applied to the message digest to create a signed message digest.

  3. The document (in plain text) is packed together with the signed message digest to create a digitally signed document.
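The three steps above, followed by the verification check, as an added example that is not part of the original documentation and not the product's implementation. It assumes SHA-256, a JSON envelope, and unpadded RSA with a fixed, publicly known demo key; production signing uses a padded scheme such as RSA-PSS from a vetted cryptographic library.

```python
import base64
import hashlib
import json

# Constructed demo key built from two well-known Mersenne primes. The factors
# are public, so this key protects nothing; it keeps the example offline.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, held by the signer

def digest_int(document: bytes) -> int:
    """Step 1: hash the document and read the digest as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign_document(document: bytes) -> str:
    """Steps 2 and 3: apply the private key to the digest, then pack both."""
    signature = pow(digest_int(document), D, N)   # unpadded RSA, demo only
    envelope = {
        "hash": "sha256",
        "document": base64.b64encode(document).decode(),
        "signature": format(signature, "x"),
    }
    return json.dumps(envelope)

def verify_document(packed: str) -> bool:
    """Recompute the digest from the packed document and compare it with the
    digest recovered from the signature using the public key."""
    envelope = json.loads(packed)
    if envelope.get("hash") != "sha256":          # accept only the expected hash
        return False
    document = base64.b64decode(envelope["document"])
    recovered = pow(int(envelope["signature"], 16), E, N)
    return recovered == digest_int(document)

def tamper(packed: str, new_document: bytes) -> str:
    """Replace the document but keep the old signature, as a later edit would."""
    envelope = json.loads(packed)
    envelope["document"] = base64.b64encode(new_document).decode()
    return json.dumps(envelope)

if __name__ == "__main__":
    signed = sign_document(b"Purchase order 4711: 10 units approved")
    changed = tamper(signed, b"Purchase order 4711: 90 units approved")
    print(verify_document(signed), verify_document(changed))
```

The verifier never trusts a digest supplied with the document: it always recomputes the digest from the document bytes it received, which is why a change after signing makes verification fail.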

Result

The result is a digitally signed document that you can process in the same way as any other document. For example, you can send it, save it, or archive it. By verifying the digital signature, you can prove who the signer of the document was, as well as the integrity of the document.