Publish Date (02/04/2011)
We get many enquiries asking whether we provide individual digital signatures. Unfortunately our digital signature solution is about automating the Digital Signature infrastructure for organisations (using Adobe Digital Signature ES2) – placing the act of issuing and signing documents in a workflow, and then validating the documents that have been received as digitally signed are as described automatically. We are not a Certification Authority, so we can’t help with that.
But in light of the enquiries we thought we would provide a little information on the options available to you for digital signature.
Microsoft Documents and PDF’s
It’s possible to digitally sign MS Office documents if you have MSO 2007, and PDFs if you have Adobe Acrobat (not Reader). Use of both consists of two actions – first inserting the placeholder for the signature (making it possible to digitally sign), then applying the signature (digitally signing). So you can probably already create documents to be digitally signed. Incidentally what it looks like on the documents is of little or no importance – it is not the look, but the code that lies underneath that matters.
Trusted Third Parties
However if you want your digital signature to mean something, there are some hoops that you need to jump through, and which hoops depend on which standard you want to adhere to. Typically they all require that you enrol with a third party business specifically set up to provide the infrastructure for the standard. Service providers include ARX, GlobalSign and Avoco. The role of the third party is to provide a mutually trusted organisation for both parties to the document to recognise. They act as the legal arbiter that can say with confidence that a document has been issued or signed by the organisation that claims to have issued or signed it. This is the bit that you probably haven’t done yet.
Your signature will be comprised of 6 things: -
- Your public key: This is the part that anyone can get a copy of and is part of the verification system.
- Your name and e-mail address: This is necessary for contact information purposes and to enable the viewer to identify the details.
- Expiration date of the public key: This part of the signature is used to set a shelf life and to ensure that in the event of prolonged abuse of a signature eventually the signature is reset.
- Name of the company: This section identifies the company that the signature belongs too.
- Serial number of the Digital ID: This part is a unique number that is bundled to the signature for tracking and extra identification reasons.
- Digital signature of the CA (Certification Authority): This is a signature that is issued by the authority that issues the certificates.
Items 5 and 6 are the things you get from the third party. They are what allow other people to trust items 1-4 which are provided by you and can easily be faked.
To find out more, call us on 0845 226 3351, click on the Contact Us button.