A digital signature is a mathematical scheme that serves to demonstrate the authenticity of a digital message or an electronic document. A digital signature gives a recipient assurance that the message was created by the sender, and that it was not altered during transmission.
It consists of a cryptographic method that associates the identity of a person or a piece of computer equipment with the message or document. Depending on the type of signature, it can also ensure the integrity of the document or message.
The digital signature of a document is produced in two steps: a mathematical algorithm, called a hash function, is applied to the document's content, and then the signature algorithm (which uses a private key) is applied to the result of that operation, generating the electronic or digital signature.
Digital signature software must also carry out several validations, including:
- Validity of the digital certificate of the signer
- Revocation status of the digital certificate of the signer
- Inclusion of a time stamp
The hash function is a mathematical algorithm that calculates a summary value of the data to be digitally signed. It works in one direction only, that is, it is not possible to calculate the original data from the summary value.
When the input is a document, the result of the function is a number that indisputably identifies the text. If this number is attached to the text, the recipient can reapply the function and compare its result with the one they have received. These operations are not intended to be carried out by the user; instead, software automates both the calculation of the hash value and its subsequent verification.
A basic digital signature loses the certainty of its validity when the certificate expires. An advanced digital signature remains unmistakably valid for long periods beyond the expiration of the certificate.
There are documents, such as contracts or wills, for which it is not appropriate to use basic digital signatures, as these documents will remain in effect long after the digital certificates of the signatories expire. In these cases it is appropriate to use an advanced digital signature.
The advanced digital signature contains information that allows its validity to be determined with certainty even after the digital certificate has expired. To achieve this, the digital signature includes a time stamp and validation information that allow determining the existence and validity of the digital signature at a point in time prior to the expiration or revocation of the certificate.
In Costa Rica the time stamping authorities are authorized by the MICITT Digital Certificates Directorate. Currently the only authorized time stamping authority is that of SINPE. In addition, the advanced digital signature contains validation information that allows the validity of the used certificate to be established, even if the original sources of validation information are not accessible.
This information consists of the certificate revocation lists, the OCSP service responses, and the certificate chains required to validate the certificate used to sign and the certificate chain from it to the root of the hierarchy.
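The following Python example is added here as an illustration and is not taken from any signing product. It shows why the time stamp and the embedded validation information change the outcome: a basic signature can only be checked against the current date, while an advanced one is checked at the time-stamped signing moment. The class and function names are hypothetical, the dates are constructed sample data, and the hash, the signature and the time stamp itself are assumed to have been verified cryptographically beforehand.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


@dataclass
class SignedDoc:
    cert_not_before: datetime           # start of certificate validity
    cert_not_after: datetime            # certificate expiration
    revoked_at: Optional[datetime]      # from CRL/OCSP data; None if not revoked
    timestamp: Optional[datetime]       # time asserted by a time stamping authority
    has_validation_data: bool           # CRLs, OCSP responses and chains embedded


def reference_time(sig, now):
    """Point in time at which the certificate status is evaluated."""
    if sig.timestamp is not None and sig.has_validation_data:
        return sig.timestamp            # advanced: proven signing time
    return now                          # basic: only the current time is known


def validate(sig, now):
    """Return (is_valid, reason). Assumes the cryptographic checks already passed."""
    when = reference_time(sig, now)
    if when < sig.cert_not_before:
        return False, "certificate not yet valid"
    if when > sig.cert_not_after:
        return False, "certificate expired"
    if sig.revoked_at is not None and sig.revoked_at <= when:
        return False, "certificate revoked"
    return True, "valid"


# Constructed sample data: certificate valid 2020-2024, signature checked in 2030.
NOW = utc(2030, 1, 1)
BASIC = SignedDoc(utc(2020, 1, 1), utc(2024, 1, 1), None, None, False)
ADVANCED = SignedDoc(utc(2020, 1, 1), utc(2024, 1, 1), None, utc(2022, 6, 1), True)
# Certificate revoked in 2023, after the time-stamped signing in 2022.
REVOKED_LATER = SignedDoc(utc(2020, 1, 1), utc(2024, 1, 1), utc(2023, 3, 1), utc(2022, 6, 1), True)
# Certificate revoked in 2021, before the time stamp was issued.
REVOKED_BEFORE = SignedDoc(utc(2020, 1, 1), utc(2024, 1, 1), utc(2021, 3, 1), utc(2022, 6, 1), True)

if __name__ == "__main__":
    for name in ("BASIC", "ADVANCED", "REVOKED_LATER", "REVOKED_BEFORE"):
        print(name, validate(globals()[name], NOW))
```

In this simplified model a time stamp without embedded validation information is treated like a basic signature, because the page describes the advanced form as carrying both.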
For further guidance on requirements, institutions, telephone numbers and other details that you need to know when requesting your digital certificate in Costa Rica, visit the following address: www.bccr.fi.cr