Digital Signature

Introduction

The concept of a digital signature was established to recognize unauthorized changes to mask fields. A pair of keys is used for this purpose: a private and a public key (asymmetrical encoding process). This function is usually available in the article, document and project administration (the field contents are summarized in a “document”).

For a fee you can receive the pair of keys (the so-called "private exchange file") from a certification bureau, which ensures that the generated keys are unique. They also determine and certify the identity of the key owner.

Principle of the Digital Signature

Signature Setup

The following steps are necessary to create a digital signature:

  • Create the "Fingerprint"
    The contents of the "document" (the field contents) is condensed with the Hash-Algorithm, in order to create the signature in the shortest time possible.
  • Create the signature
    In the second step the signature is created from the "finger print". The user’s private key is used for this purpose. This key was created especially for this user and is protected by a PIN (Personal Identification Number) from misuse.

Checking the Signature

Checking the signature is similar to the creation process:

  • Create the "Fingerprint"
    The content of the document is condensed (again by the Hash-Algorithm). The same fingerprint emerges as occurred in creating the signature as long as no changes were made to the document.
  • Verify the Signature
    In the second step the signature is encoded with the sender’s public key and a second "fingerprint" is created. (The public key is embedded in a certificate that was signed by the certification bureau, therefore, ensuring its authenticity).

There are now two "fingerprints" that are identical as long as the document has not been changed. If a deviation is present that means that a document was changed or that another user signed the document (in the second case the private and the public keys do not correspond).

Further information, guidelines, and laws for digital signatures can be found at the Electronic Privacy Information Center.