eSignatures provide numerous benefits like they are suitable for the life of the contract, doing away with repetitive signing, negotiations can be accelerated because each step in the process is authenticated and easily accessed by all parties, critical issues can be flagged and tracked until final execution, even if the parties are geographically diverse, signatures are done electronically, so there is no delay in updating or executing contracts. However, one of the main reasons for moving away from paper-based signatures is to protect the document’s integrity and verify the signer’s identity.
To the signers, an eSignature happens instantaneously and seamlessly. All it takes is a few clicks for a document to be signed digitally. But behind the scenes, there is a complex series of events that unless you are a techie or live and breathe e-signatures, it’s challenging to wrap your mind around how eSignatures work. Terms like “public key infrastructure,” “digital certificate,” and “hash function” can muddy the water if you are not already familiar with the detailed digital landscape. This whitepaper covers what happens behind the scenes and how the underlying technology verifies the signer’s identity and that no changes have been made since the signature was applied.
3 steps that take place when an e-signature is applied
1)When the signer clicks on the sign button, a unique digital fingerprint is created, i.e., the document’s Hash.
The hash functions are one-way functions which means it is impossible to reverse the resulting value to get the original content. A simple example of a hash function is if you send someone the message of 345, the recipient reads it 345, but he cannot be sure if what they have received is an original message. One also has to send a hash value if your hash algorithm is set up to add the numbers, then the hash value would be 3+4+5=12, which means the integrity of the message is preserved. If you receive the message as 345 and the hash value anything other than 12, the integrity of the message is compromised.
In practice the text in the quotes has a SHA-256 has value which looks something like “16a27f6aa52eff91cd52ab5cbb1a802f4ee04dbbb07a308e0b2f 897bb807a4aa”. The original message isn’t disclosed even if one knows the hash value. Only if the SHA256 hash function is run on the original message and the 2 hashes match it will validate the integrity of the message.
2)The Hash is encrypted using a unique private key that is assigned to the signer. The signer’s public key and encrypted Hash are combined to form a digital signature appended to the document
3)The digitally signed document is ready for distribution.
3 steps that take place when validating the signature
1)When a person opens the document in a program like Adobe Reader or MS Office, the software decrypts the document hash by automatically using the signers public key included in the digital signature in the document.
2)There are 2 ways in which Hash is calculated and matched. First, the program calculates the new Hash for the document, and the encrypted Hash is decrypted using the signer’s public key. If the hashes match, then the program displays the message that “The document has not been modified since the signature was applied.”
3)The program also validates the public key used in the signature belongs to the signer and displays the signer’s name.
Examples of Verified Signatures
Once the verification process of the signer’s identity is completed, it is essential to know that there are no changes that have been made, let us take a quick look at how people view the signed document.
Digital signatures are a tried & tested technology that has been growing in popularity among various industries like BFSI, healthcare, real estate, education etc. for years. You know relying on wet ink signatures is expensive and time- consuming. You know the logic of what goes behind the scenes. Verifying the signer’s identity and protecting document integrity are two of the biggest concerns people have when moving away from paper-based signatures. So, what are you waiting for? It’s time to kick paper to the curb and embrace eSignatures.
Book a Demo now!
Why choose Certinal for Trust & Security in eSignatures?
Certinal is a wholly owned subsidiary of Zycus, the pioneer in Cognitive Procurement. A familiar name and market leader with years of experience in managing critical contracts & agreements, Zycus boasts of over Fortune 1000 enterprise clients and deployments of procurement and sourcing suite of products. Digital Signing has always been a focus area for Zycus. Thus, Certinal was born with the stated goal of offering the Trust & Security in eSignatures solution that will be easy-to-use, 100% secure to deploy, and legally compliant around the world. We stand committed to providing a one-stop solution to large enterprise customers, compliant with various security standards and conforming to different regional regulations.