Electronic signatures are a robust method of verifying the integrity of an electronic document: the digital counterpart of putting your signature on the dotted line. With the majority of organizations shifting from paperwork to electronically managed records, signing those documents electronically is the obvious next step. The need is even greater where the people who sign a document and the people who must verify it work remotely. It doesn’t help that the general public perceives eSignatures as less trustworthy than their physical counterpart. A recently published paper in the Journal of Experimental Social Psychology looks into the trust issues people have with eSignatures, and another paper explores the indirect side effects eSignatures have on individual honesty and integrity. Properly implemented eSignatures are in fact very secure and resistant to tampering, which is borne out by online contract signing going mainstream.
Two regulatory acts provide the baseline for eSignature security compliance standards for implementations around the world: the ESIGN Act in the US and eIDAS in the European Union. eIDAS identifies three types of eSignatures: basic, advanced (AES) and qualified (QES).
Basic Electronic Signatures
With a basic signature the signatory places their signature mark on the document (typed or drawn) and the document is then protected with a cryptographic signature. This “witness” cryptographic signature binds the mark to the document, so any unauthorized change to the document afterwards invalidates the signature. Establishing that the person placing the mark is actually the intended signatory requires an authentication scheme that runs before the document signing process. The key used to sign documents under the basic scheme can be either a centralized key from a service provider or one belonging to the organization itself.
Advanced Electronic Signatures (AES)
The Advanced Electronic Signature scheme is more secure than the basic scheme. From the 1999/93/EC EU Directive:
“advanced electronic signature” means an electronic signature which meets the following requirements:
(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
(c) it is created using means that the signatory can maintain under his sole control; and
(d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;”
Unlike the basic scheme, where one shared key places the cryptographic signature on the document, AES requires each signatory to have their own unique key. The signatory’s identity is established through a certificate issued to them by a trusted authority. The implementation must also detect whether the document data has been tampered with and reject the signature in that case.
For the actual implementation, three standards are used: XAdES, PAdES and CAdES. XAdES (short for "XML Advanced Electronic Signatures") is built on XML Signatures, a general-purpose framework for digital signatures. CAdES (short for "CMS Advanced Electronic Signatures") is built on Cryptographic Message Syntax (CMS), another general-purpose framework for digital signatures. PAdES (short for "PDF Advanced Electronic Signatures") is one of the most popular standards; it defines a set of restrictions on the PDF document format.
When a signed document is presented to a system, the reviewer validates that the document has not been tampered with and that it was signed with a certificate they trust. That certificate must in turn be issued under another trusted certificate, and so on up the chain, until the trusted root is reached: a certificate verified to be of legitimate origin and already stored on the reviewer’s system. This is very similar to how web browsers validate a website’s certificate.
But what if an organization discovers that its identity was compromised long ago, so documents signed after that point should not be trusted? That requires revoking the certificate, and a reviewer verifying the document’s integrity must then be able to learn that the certificate they have been presented is no longer valid. This is done with Certificate Revocation Lists (CRL), which the certificate-issuing authority publishes periodically, or with OCSP (Online Certificate Status Protocol), which obtains a certificate’s revocation status in real time. Both methods work well but require network connectivity at verification time. Long-Term Validation (LTV) addresses this: in an LTV scheme the elements needed for validation, such as the certificates and revocation data, are embedded in the document itself, so the reviewer can verify the signature later on. One benefit of PAdES is that it supports LTV.
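The reviewer-side checks from the last two paragraphs, as an added example that is not part of the original article, written with Python's `cryptography` library (assumed to be installed): a constructed root CA issues a signatory certificate and a CRL, and `verify` checks the document bytes, chains the signer certificate to the trusted root and consults a CRL that travels with the document, the LTV idea, so no network lookup is needed. The names, serial numbers and the single-hop chain are assumptions made for the demo.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.now(timezone.utc)

def new_cert(cn, serial, ca, issuer=None, issuer_key=None):
    """Issue a P-256 certificate; without an issuer it is a self-signed root CA (constructed demo PKI)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(issuer.subject if issuer else name)
            .public_key(key.public_key()).serial_number(serial)
            .not_valid_before(NOW - timedelta(hours=1)).not_valid_after(NOW + timedelta(days=1))
            .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True)
            .sign(issuer_key or key, hashes.SHA256()))
    return cert, key

def issue_crl(ca, ca_key, revoked=()):
    """The CA publishes its revocation list; every serial in `revoked` is listed on it."""
    builder = (x509.CertificateRevocationListBuilder().issuer_name(ca.subject)
               .last_update(NOW).next_update(NOW + timedelta(hours=1)))
    for serial in revoked:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(NOW).build())
    return builder.sign(ca_key, hashes.SHA256())

def sign(doc, key):
    """The signatory signs the document with their own key (AES: one key per signatory)."""
    return key.sign(doc, ec.ECDSA(hashes.SHA256()))

def verify(doc, sig, signer, crl, root):
    """Offline reviewer check of an LTV-style package; returns None if valid, else a string naming the failure."""
    try:
        signer.public_key().verify(sig, doc, ec.ECDSA(hashes.SHA256()))
    except InvalidSignature:
        return "tampered: signature does not match the document bytes"
    try:  # one hop of the chain: the trusted root's key must have signed the signer certificate
        root.public_key().verify(signer.signature, signer.tbs_certificate_bytes,
                                 ec.ECDSA(signer.signature_hash_algorithm))
    except InvalidSignature:
        return "untrusted: signer certificate does not chain to the trusted root"
    if not crl.is_signature_valid(root.public_key()):
        return "untrusted: embedded CRL was not issued by the trusted CA"
    if crl.get_revoked_certificate_by_serial_number(signer.serial_number) is not None:
        return "revoked: signer certificate is on the CRL"
    return None
```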
Qualified Electronic Signatures (QES)
QES is a more trusted form of AES: it involves a formal registration process in which the signatory verifies their identity before a qualified certificate-issuing authority.
eSignatures are gaining more mainstream acceptance than ever before. The combination of ease of use and security makes this technology very promising. The market is still learning to adopt it. We will see more development in this space in the coming years especially in relation to smart contracts.