An electronic signature is the digital equivalent of a handwritten signature and allows the conformity of a document to be validated by computer systems. Advances in the digital field have accelerated the dematerialization of paper documents and are leading the world towards more frequent use of e-signatures. But is an electronic signature secure enough to guarantee document authenticity and data protection?
The electronic signature system relies on cryptography for its security. The operation is invisible to the user and is generally carried out by electronic signature software. The signature combines hashing with a key pair: the software computes a hash of the document and encrypts that hash with the issuer's private key, which authenticates the identity of the issuer while guaranteeing the integrity of the document. The recipient's electronic signature software then uses the matching public key to decipher the hash and recalculates the hash from the document it received. If the two hashes are identical, the recipient is notified of the authenticity of the document and obtains the identity of the signatory. In practice, the sender simply views the document to be signed, signs it by clicking on the “sign” icon and selects the electronic certificate to validate the sending.
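The hash-then-sign flow described above, as an added example that is not from the original article: it uses unpadded textbook RSA so that the private-key and public-key steps stay visible, whereas production signature software uses a padded scheme and a key bound to the signer's certificate. The keys are constructed from publicly known Mersenne primes, and all function and variable names are hypothetical.

```python
import hashlib

# Constructed demonstration keys built from publicly known Mersenne primes.
# Their factors are public, so they only illustrate the mechanism.
def make_key(p, q, e=65537):
    """Return (public, private) as (n, e) and (n, d)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)

SIGNER_PUB, SIGNER_PRIV = make_key(2**607 - 1, 2**1279 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**127 - 1, 2**521 - 1)  # a different party

def digest(document: bytes) -> int:
    """SHA-256 of the document as an integer (smaller than both moduli)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes, private) -> int:
    """Sender: hash the document, then transform the hash with the private key."""
    n, d = private
    return pow(digest(document), d, n)

def verify(document: bytes, signature: int, public) -> bool:
    """Recipient: recover the signed hash with the public key, recompute, compare."""
    n, e = public
    if not 0 < signature < n:
        return False
    recovered = pow(signature, e, n)      # "decipher the hash"
    return recovered == digest(document)  # recalculated hash must match

DOCUMENT = b"Contract: pay 100 EUR to the supplier."   # constructed sample
TAMPERED = b"Contract: pay 900 EUR to the supplier."   # one character changed

if __name__ == "__main__":
    sig = sign(DOCUMENT, SIGNER_PRIV)
    print("genuine document :", verify(DOCUMENT, sig, SIGNER_PUB))
    print("tampered document:", verify(TAMPERED, sig, SIGNER_PUB))
    forged = sign(DOCUMENT, OTHER_PRIV)
    print("signed by other  :", verify(DOCUMENT, forged, SIGNER_PUB))
```

Changing a single character of the document, or signing with any key other than the one matching the signer's public key, makes the recomputed hash differ from the recovered one, so verification fails.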
Electronic signatures were officially recognized by law in the European Union in 1999 through Directive 1999/93/EC, which gave electronic signatures the same value as handwritten signatures. Private bodies have been created to validate the authenticity of this type of signature by issuing digital certificates. Since 1 July 2016, an update of the regulation in the EU has made it possible to homogenize the standards of electronic signatures and simplify document management.
However, a digital signature made with a stylus on a touch screen also counts as an electronic signature (recognised since 2010), although it relies on a method other than cryptography for security.
The electronic certificate is similar to an individual’s identity card: it is currently structured to contain all the private and public information essential for issuing and validating a signature. It enables a digital document to be signed with the guarantee that the identity of the signatory is clearly and immediately recognized, which is why it requires a more advanced security procedure. Issuing the certificate therefore requires preliminary identity verification by a Certification Authority: the applicant must send copies of their identity documents and then visit the premises in person to complete the identity verification required by the certification policy.