By Markus Hoffmeister & Klaus Schmeh, cryptovision GmbH.
Developed in the 1970s, digital signatures are the technology of choice when it comes to protecting eID cards from forgery and manipulation. More generally speaking, digital signatures are an important means for making digital documents – such as contracts, receipts, and orders – reliable, provided that the private key used is stored in a protected environment. An eID card is an ideal solution for thispurpose. It is therefore justified to say that digital signatures are an importantmeans to enable electronic identity documents, while electronic identity documents are an important means to enable digital signatures.
Digital signatures: mathematics used in practice
There was a time when a discussion about digital signatures typically started with an explanation that a digital signature is not a scanned manual signature. Meanwhile, at least in the eIDbusiness, such a clarification is not necessary anymore. Instead,it is common knowledge that a digital signature is a checksum created with a private key and verified with a public key. The theory behind digital signatures, mainly developed in the 1970s, is an interesting example of how advanced mathematics (in this case: number theory) can be applied in everyday life.
Digital signatures solve one of the major security problems thatoccurs whenever analogue processes are digitalized. While it isdifficult to alter a physical document – such as a money bill ora signed order – without leaving traces, it is ridiculously easy to change or forge a digital document. To prevent this, data canbe digitally signed. As a digital signature requires a private keyonly known to its owner and as each alteration of the signed data changes the signature (i.e., the checksum), fakes and changes are easily detected.
Digital signatures are an important technology enabler for electronic identity documents. Virtually every eID card bears a digital signature that protects its digital content from alterationsand prevents forgeries. The ICAO 9303 standard requires a digitalsignature as a part of the Logical Data Structure (LDS), which contains the personal data stored on an eID document.
However, a digital signature does not protect data from being copied (because it is always possible to copy the signature along with the signed data). In addition to including a digital signature,an electronic identity document therefore should be equipped withphysical security features that are hard to counterfeit. Apart from this, such a document needs to contain a tamper-proof chip, the content of which cannot be copied. To unambiguously identify this chip (and the card and its holder), again digital signatures come into play. Using a private signature key stored in the chip, the cardholder can identify himself in a secure and easily verifiable way bycreating a digital signature.
eID enables digital signatures
Digital signatures are not only a technology enabler for eID cards – it’s also the other way around. There are numerous applications of digital signatures that are not eID-related, examples including contract signing, signed receipts, signed bills, and code signing. It is clear that such a usage is only secure and convenient if the user’s private key is stored in a protected environment he has easy access to. An electronic identity card is ideal for such a purpose. For this reason, modern multi-purpose eID cards usually provide a digital signature application.
Electronic identity cards with a digital signature application are generally expected to make digital signatures more popular. Ben Drisch, eID consultant at cryptovision, explains: “The more people have an electronic identity document that supports digital signatures, the more attractive this technology will be for both users and service providers.” The legal foundation for a wide spread digital signature use has long been laid, with countries all over the world having created digital signature acts. As one of the most important legal frameworks of this kind, the European Electronic Signature Regulation (also known as eIDAS) has been put into practice.
While it is easily possible to implement digital signatures in software only, with keys stored on the user’s hard drive, eIDAS and most other digital signature acts require that the private key of the user is stored on a smart card or in a similar hardware environment – at least for the more important digital signature applications. As eID cards are ideal for this purpose, digital signature legislation is generally considered an important eID supporter.
Digital signatures and future technologies
In many countries, it is already possible to digitally sign a tax declaration and other e-government documents. Code signingand workflow signing are popular digital signature applications,too. Nevertheless, there is still much room for additional digital signature usage, including electronic banking, e-procurement, and digitally signed contracts.
cryptovision’s Ben Drisch expects that additional applicationfields will develop soon: “Almost all major future technologies inthe IT sector, including cloud computing, internet of things, andblockchain, will profit from digital signatures or even require them.” Cloud computing, for instance, by definition takes awaydata from the user’s control, which makes alteration easily possible – something that can be prevented with digital signatures. In the internet of things, protecting data and identities with digital signatures plays a crucial role, too.
And then, blockchain is a technology that inherently depends on digital signatures, because all transactions need to be digitally signed. Using an eID card for signing a blockchain transaction is an interesting option that may close the gap between independent payment systems, such as BitCoin, and state-run identity cards. Perhaps, a blockchain-based payment function will one day be a standard application of an eID card. The digital signature functions of electronic identity cards will certainly support this.
Wesign deals in Online document signing software. Free email digital signature software that lets users sign, send, and authenticate digital documents.