Definition: A digital signature cryptographically binds a digital signature certificate, issued by a trust services provider (TSP), to a document using public key infrastructure (PKI) technology.
Digital signatures are a specific technical implementation of an electronic signature (eSignature). Electronic signatures, on the other hand, are used for workflow processes, such as applying a signature to a document and do not validate the authenticity of a document, file or software. However, a digital signature necessitates the use of a trusted third party, a Certificate Authority, to verify the user's identity and bind this identity to a PKI-based digital certificate. As a result, a digital signature provides assurance on;
- Origin - who signed the document
- Time - the date and time of the signature
- Integrity - proof that the document has not been forged or changed
- Non-repudiation - the sender cannot dispute having signed the document as the cryptographic components that make up a digitally signed document cannot be replicated or altered
Digital signatures can be used in any situation where you need assurance about the identity of a signer and the integrity of a document. They can be used in a variety of settings, with unlimited geographical reach. They are used by governments, financial services, software distribution, manufacturing and healthcare and in many other industries that rely on forgery or tampering detection techniques.
