Not only electronic transactions but contracts and documents made in the electronic environment are becoming increasingly popular, increasing demand for digital signatures.
So, have you ever heard of digital signatures? How does a digital signature work? What is the difference between a digital signature, an electronic signature, and a digital signature certificate? What great benefits can digital signatures bring to businesses, and is it mandatory to use digital signatures?
Digital signatures are becoming more and more popular
Find the answers to these questions with FieldCheck in the article below! In addition, we also provide some useful information in the Q&A section. Stay tuned for more!
A digital signature is a form of electronic signature. Many people often confuse and use these two words interchangeably.
Although both types of signatures are used to sign documents to represent the authenticity and integrity of a particular object, there are a few important points that set them apart.
While electronic signatures are used to verify online documents, digital signatures are to ensure the safety of papers with more security features and make them more legally binding.
To better understand what a digital signature is, let’s look into this concept through two definitions: by law and by applicability.
The Government's Decree issued in 2018 detailing the Law on Electronic Transactions on digital signatures and digital signature authentication services defines a digital signature as "a form of electronic signature created by transforming a data message using an asymmetric cryptosystem."
Accordingly, the person who obtained the original data message and the signer's public key can correctly determine the conversion of the generated data message with the correct private key corresponding to the public key in the same key pair and message content integrity since the conversion.
A digital signature is a program that uses ciphers created based on public encryption technology, through which users can sign documents and exchange confidential information on the Internet.
Specifically, digital signatures meet three important goals in information security: authenticity (indicating the message's origin) and integrity (the message cannot be viewed or changed during transmission), and non-repudiation (signers cannot delete, change, or reject signed information).
In addition, a digital signature can represent the seal of an enterprise and act as a personal hand signature, legally recognized. When signing electronic contracts, online tax declarations, issuing electronic invoices, electronic banking transactions, and other cases in the electronic environment, Digital signature exists mainly to ensure the obligations and interests of the parties participating in the signing of the above contents.
A digital signature will have two main components. A digital signature certificate is the encrypted and integral part of a digital signature. It contains all the encrypted identifying information of the business to confirm the identity of the individual or organization using a digital signature.
Data will be saved to hardware, also known as USB Token, secured with PIN or password settings after encryption. However, USB Token is not required for remote signatures using cloud technology.
As a new type of mobile digital signature with strong applicability, users can digitally sign their electronic devices anywhere, anytime, without having to depend on hardware devices.
"Digital signature = hardware (USB Token) / electronic device (PC/mobile/tablet) + digital signature certificate"
A digital signature certificate acts as an electronic identity card/passport issued by a digital signature certification service provider.
If an individual or business wants to perform digital signing, a government agency must authenticate the digital signature certificate of the signer's public key and corresponding private key.
Some basic information in the certificate of a business that purchases digital signatures will consist of the following:
The digital signature uses a public cryptographic algorithm (RSA), a classic asymmetric encryption system. The process of using digital signatures includes two steps: signature generation and signature verification.
That's why each user must have a key pair consisting of public and private keys. Thus, a digital signature will include the following elements:
A private key (sometimes called a secret key) is a key in the key pair of the RSA system used to create digital signatures. To avoid tampering, the private key must be kept secret and safe and should not be known to any party.
A public key is the other publicly shared key used to authenticate the user and verify the signature generated by the corresponding private key. The public key can be shared publicly with everyone through the content shown in the digital signature certificate.
Signer is the person who uses his private key to sign a message or text under his name digitally.
The recipient is the individual or organization that receives the data message signed by the signer and checks the digital signature using the signer's digital signature certificates. After successful confirmation, the recipient will conduct related activities and transactions.
Digitally signing is inserting a secret key into software to automatically generate and attach a digital signature to a message with information linked to text, image, or video data.
Cloud-based digital signature for users to sign anytime and anywhere
As mentioned above, digital signatures work based on public key cryptography encrypted into a device such as a USB flash drive, and digital signatures are secured with a private password generated by the private key.
Joining and the whole process of digital signature are 3 algorithms:
The signature generation software generates a one-way hashing of the electronic data to generate a digital signature. The secret key is used to encrypt the hash. The cryptographic hash function, along with other information, is the digital signature.
When a user purchases a digital signature service as an individual or a business, the relevant information will be encrypted into digital signature data and secured in the private key.
The user is then given a public key to digitally sign through the account logged in from the personal electronic device.
When the public key matches the private key, the digital signature user can perform the digital signature via a physical device called a USB Token.
Individuals and organizations using USB Token sign documents, then that signature is called a digital signature.
Businesses, organizations, and individuals are all objects that can use digital signatures.
This digital signature is used to replace the normal stamp and act on behalf of the organization's legal representative when digitally signing documents under the authority of positions in the enterprise or organization.
It is the digital signature of an individual belonging to any organization, agency, or enterprise. Therefore, when an individual signs a digital signature, it is mandatory to clearly state their title in the organization.
For transactions of an organization, it is recommended to use digital signatures of individuals in the organization to ensure the accuracy and truthfulness of the signer's title.
An individual's digital signature is used in personal transactions, so when signing digitally, the digital signature only needs to show the individual's name.
This type of digital signature is often required for electronic records, helping users conduct online transactions or use digital signature certificates to sign digital documents and documents for confirmation.
Digital signatures can be used by both individuals or businesses
Individuals can use digital signatures to sign e-invoices, e-customs declarations, e-banking/e-commerce transactions, trade securities via the Internet, or do administrative procedures online without the need to print statements or red stamps of the agency.
Enterprises and companies can also apply digital signatures to sign business contracts with foreign partners, perform online financial transactions, etc. Just sign the contract file and send it via email.
In addition, when individuals, organizations, and businesses use digital signatures, they can also get many other benefits, such as:
With digital signatures, businesses no longer have to print and manage paper documents. Organizations/enterprises can electronically sign and store vouchers and documents such as contracts, accounting records, accounting reports, management reports, etc.
Online records are legally recognized as hard copies because they have the signature of an authorized person and the seal of the organization/business.
Therefore, this is proof of non-disclaimer on the signed content, helping users feel more secure with their electronic transactions.
Digital signature has full legality
A feature of a digital signature is that it allows the signer's identity to be identified while simultaneously ensuring the integrity of the original text. Messages in documents and documents after digital signing cannot be changed or edited.
If a text/document has been digitally signed, but editing will result in invalidating data, the message will no longer have transactional value.
While ordinary hand signatures are easily imitated and forged and do not have high authenticity, digital signatures minimize forgery and over-declaration.
Digital signatures will help exchange data easily and quickly, ensure legality, and save travel time and waiting. No need to print records. Users can also do the signing anytime, anywhere.
Currently, no regulations require businesses to use digital signatures in their business activities.
Individuals and organizations have the right to choose whether to use digital signatures following the law on electronic transactions or use business registration accounts to register businesses via electronic information networks (According to Clause 3 of this Article). 26 Enterprise Law 2020)
One of the frequently asked questions besides whether a digital signature is required is the safety and security of digital signatures. The most common form of digital signing is via a USB Token with a key pair. The private key (secret key) is only issued to the digital signature user, and only that person knows the password to use. Therefore, businesses can be assured that there is no fear of digital signature forgery.
Digital signature is difficult to forge
Online tax declaration: Without a digital signature, the business cannot declare tax online because there is no method to authenticate the business's identity.
Signing valid e-invoices: e-invoices must be signed by the seller. Therefore, businesses need to use digital signatures to sign invoices properly.
Electronic social insurance declaration: businesses that want to declare social insurance electronically need a valid digital signature. A digital signature helps the competent authority to identify the person making the declaration and assign legal responsibility to that declarant.
Currently, more than 15 organizations are licensed by the Ministry of Information and Communications to provide digital signature services by the law, most notably FPT, VIETTEL, BKAV, VINA, and VNPT-CA.
The cost of using digital signatures ranges from VND 02 - 03 million per year (depending on the price of the supplier and the time of use).