|
Electronic signature can either refer to cryptographic means to add non-repudiation features to a document, or to the legal discussion comparing such signatures to their pen-and-ink equivalent.
Legal use of electronic signatures
In recent years, the terms electronic signature and digital signature have come into widespread, and somewhat confused, use. The situation is unsatisfactory in many respects, and will remain so until usage, especially in statutes and regulations, becomes more standardized. This article is about electronic signatures and not digital signatures.
In law, if a signature on a contract or other document is contested in court, the signature must meet certain tests. These requirements vary by jurisdiction, but various sorts of signatures, some entirely electronically conveyed, have been found to be valid and binding. They include Telex addresses (for example, ABC Company sends a Telex to XYZ Company making an offer at a particular price. The offer was found to be binding when the 'signature' was challenged.), telegrams (for example, "I ACCEPT, SMITH" even though Smith never actually touched the telegraph key), and faxes of documents, even in some cases where the original was not signed by the sender.
None of these examples are digital signatures in that there is no cryptographic assurance of the sender's identity and no integrity check on the text received, but all are electronic signatures, and all have been found legally binding in some circumstances.
Pseudo-legal use of electronic signatures
Some web pages (notably pornographic ones) and software EULAs use claims of various electronic actions being equivalent to a signature. For example, a web page might claim that by accessing the site you agree to a certain set of terms and conditions, or a piece of software might claim that by using it you agree to additional restrictions not divulged at the point of sale. The legal status of such claims may not yet be clear enough to justify the views of many EULA authors, and physical analogies certainly imply that such laws would not be accepted in the physical world.
Cryptographic signatures
In Cryptography, an electronic signature is used to mark a document (often an email) as 'signed' by the holder of an electronic key. If any changes are made to the document in transit, the signature will no longer be valid (interpretation of the document by a cryptographic program will reveal the fact that the document is now unsigned), and this can be used to verify that a message or document has not been altered in transit.
Cryptographic signatures are more robust than error-detecting checksum algorithms, which cannot normally detect malicious tampering of a message, only of simple communication errors.
Popular electronic signature standards include the OpenPGP standard supported by PGP and GnuPG, and the S/MIME signatures used by Microsoft Outlook. All electronic signatures require that the recipient has a way to obtain the sender's electronic key that is not vulnerable to spoofing.
When an electronic document is both encrypted and signed, it is usual to sign the document before encrypting it, in the same way that you would sign a physical letter before putting it in an envelope.
External links
| 
