Electronic signatures

Electronic signature is a set of electronic data accompanying or associated with an electronic document and the basic functions of which are:

• Identify the signatory unequivocally.
• Ensure the integrity of the signed document. He assures that the signed document is exactly the same as the original and that it has not been altered or manipulated.
• Ensure non-repudiation of the signed document. The data used by the signatory to make the signature are unique and exclusive and, therefore, subsequently, he cannot say that he has not signed the document.

The legal basis of the Electronic Signature is contained in Law 59/2003 on Electronic Signature and is further developed in the Legal Base section of the Signatures. The section also explores, under what circumstances the law equates electronic signatures to handwritten signatures, adds notes to European regulations and makes different legal references to time-stamped and advanced signatures.

A digital certificate or an electronic ID is required to sign a document.

The electronic certificate or the electronic ID card contains cryptographic keys that are the necessary elements to sign. Electronic certificates aim to unequivocally identify your holder and are issued by Certification Service Providers.

You can learn more about certificates in the Electronic Certificates section.

The basic process for electronic signatures is as follows:

• The user has an electronic document (a spreadsheet, a pdf, an image, even a form on a website) and a certificate that belongs to him and identifies him.
• The application or digital device used for the signature summarises the document. The summary of a large document can be just a few lines. This summary is unique and any amendment to the document also implies a modification of the summary.
• The application uses the private key to codify the summary.
• The application creates another electronic document containing that codified summary. This new document is the electronic signature.

The result of this whole process is an electronic document obtained from the original document and from the signatory's keys. The electronic signature, therefore, is the same resulting electronic document.

Some of the questions that may arise in the previous process are:

• What tool should I use to sign?
• Do I need to install something on my computer?
• And when I sign an online form, should I install something or my browser already does everything automatically?
• How do I use electronic ID from my computer? How do I install the ID reader?

As we are talking about electronic signatures, the signature must be made by electronic means and you can do it in two ways:

• Downloading an application on your PC: In this case you use to sign the application that you install on your computer and do not need to be connected to the internet. The application to be used is AutoFirm, from the Ministry of Finance and Public Administrations. You can see more information about this, and download it in the Signature Applications section.
• Signing directly on the Internet: This option is mainly used when signing forms or applications, for example, in relation to the Public Administration. But you can also sign your own documents on the Internet using the service offered by KOHe. To sign, a component that works on the same browser must be downloaded.

In both cases you need an electronic certificate. Instructions on how to install your certificate can be found in the Browsers and Computer section. And on the page of the Electronic DNIe you will find a section about the installation of the DNIe reader and its use.

It provides three features in online communication: signatory identification, data integrity and non-repudiation.

But apart from that, the practical applications of it are many and varied.

In general, they are oriented to perform Internet operations that in everyday life require a firm to validate them.

Examples of operations that can now be carried out using the digital signature are:

• Implementation of the Declaration of Income through the Internet.
• Applications in electronic administrative registers
• Request for working life.
• Receipt of electronic notifications.
• Signature of emails.
• Electronic invoice signing.

If we receive a signed document, we are interested in validating the signature, that is, checking that the signed data correspond to the originals, that the certificate with which it has been signed is valid and that the structure of the file is correct.

How do we know if a signature is valid?

We can check the validity of the signature of a document, see who is the signatory and the document signed in KOHe.