What is electronic signature?
In the digital age where more and more procedures are digital, a method is needed to be able to sign documents electronically in a secure way. What is an electronic signature and how is it used to verify our identity?
What is it?
An electronic (or digital) signature is defined as a set of electronic data accompanying or associated with an electronic document. This signature is based on Law 59/2003, dated 19 December, which states that a recognised "electronic signature" must comply with the following properties or requirements:
- Identify the signatory
- Verify the integrity of the signed document
- Guarantee non-repudiation of origin
- Involve a trusted third party
- Be based on a recognised electronic certificate
- Must be generated with a secure signature creation device.
In this same law, a distinction is made between two types of electronic signature:
- Advanced electronic signature: is one that allows the signatory to be identified and any changes made after the document has been signed to be detected. It uniquely links the signatory and the signed data and is created by means under the signatory's sole responsibility.
- Recognised electronic signature: is an advanced electronic signature, but it is based on a trusted digital certificate and has been generated by a secure signature creation device. It has the same value for digital data as the handwritten signature on paper based data.
What is it used for?
It is used to digitally sign documents, to carry out administrative procedures and to perform various operations via the Internet, something that is achieved by calculating the hash of the message and encrypting it with the private password of the electronic signature. By signing the document digitally we make the message unchangeable and verify that the document comes from the sender who has signed it.
The function of the hash is to ensure that the transmitted message has not been modified and the hash signature provides authentication and non-repudiation of the origin of the message.
In Spain, there are two ways for individuals to digitally sign a document in an official manner:
- Digital certificate from the FNMT (National Mint) for individuals.
- Electronic DNI.
How do you get a digital signature?
In order to sign with an Electronic DNI, it is necessary to have hardware and software components that allow it. While the DNIe only allows signature by direct contact between the chip and a smart card reader that connects to a computer, the DNI 3.0 allows contactless signature through NFC, similar to contactless bank credit/debit cards, using compatible devices such as a smartphone, tablet or NFC reader.
To obtain the digital certificate for a natural or legal person from the FNMT so that you can digitally sign documents, directly from the computer without the need for card readers or other NFC devices, you have to request it at the website of this organisation. To do so, you will need to fill out the appropriate electronic certificate application form and identify yourself at an authorised location, such as a social security office. Once the certificate is issued, you can download it onto the same computer from which the request was made and install it. If you want to use it on several computers, you must mark the private code as exportable and protect it with a password.
When signing contracts, agreements or any important digital document, the electronic or digital signature ensures that it cannot be changed and verifies the identity of the sender.