in the era of digitization in which more and more operations are digital, a means is needed to be able to electronically sign documents in a secure way. What is the electronic signature and how is it used to verify our identity?
The electronic (or digital) signature is defined as the set of electronic data that accompanies or is associated with an electronic document. This signature is based on Law 59/2003, of December 19, which indicates that the recognized “electronic signature” must meet the following properties or requirements:
- Identify the signer
- Verify the integrity of the signed document
- Guarantee non-repudiation at origin
- Have the participation of a trusted third party
- Be based on a recognized electronic certificate
- It must be generated with a secure signature creation device
In this same law, two types of electronic signature are distinguished :
- Advanced electronic signature: it is the one that allows to identify the signer and detect any changes after the document is signed. It uniquely binds the signer and the signed data and has been created by means under the sole responsibility of the latter.
- Recognized electronic signature: it is the advanced electronic signature, but it is based on a recognized digital certificate and has been generated using a secure signature creation device. It has the same value for digital data as the handwritten signature on paper data.
What is it for?
It is used to digitally sign documents, to carry out administrative procedures and to carry out different operations over the internet, something that is achieved by calculating the hash of the message and encrypting it with the private key of the electronic signature. By digitally signing the document we ensure that the message cannot be modified and verify that the document comes from the sender who signs it.
The function of the hash is to ensure that the transmitted message has not been modified and the signature of the hash provides authentication and non-repudiation of the origin of the message.
In Spain, natural persons have two ways to officially digitally sign a document:
- Digital certificate of the FNMT of natural person.
- Electronic DNI.
How is the electronic signature obtained?
To sign with the electronic DNI , it is necessary to have hardware and software elements that allow it. While the DNIe only allows the signature by direct contact of the chip with a smart card reader that connects to a computer, the DNI 3.0 allows contactless signing through NFC, in a similar way to bank credit / debit cards contactless, using compatible devices such as a smartphone, tablet or NFC reader.
To obtain the digital certificate of a natural or legal person from the FNMT and that we can digitally sign documents, directly from the computer, without the need for card readers or other NFC devices, we will have to request it on the website of this organization . To do this, we must fill out the application for the corresponding electronic certificate and identify ourselves at an authorized headquarters, for example those of the Social Security. Once the certificate is issued, we can download it on the same computer from which the request was made and install it. If we want to use it on several computers, we must mark the private key as exportable and protect it with a password.
When signing contracts, agreements or any important digital document, the electronic or digital signature ensures that it cannot be modified and verifies the identity of the sender.