Electronic and Digital Signature

Understand the Difference

Digital and Electronic Signature allows your department to eliminate the manual process of collecting signatures, the physical shipment of documents, the authentication of signatures and the management of physical papers, thus reducing costs, simplifying processes and substantially streamlining the formalization of documents.

The Comparison

The Digital Signature, as its name says, is used to sign any electronic document. It has unquestionable legal validity and is equivalent to a signature in one's own hand. It is a technology that uses encryption and links the digital certificate to the electronic document that is being signed. Thus, it gives guarantees of integrity and authenticity.

The validity and legal admissibility of the digital signature are guaranteed by article 10 of MP No. 2.200-2, which instituted the Infrastructure of Brazilian Public Keys - ICP-Brasil, conferring the assumption of legal veracity in relation to the signatories in the statements contained in the documents, in an electronic format.

The Electronic Signature is a service that allows one to formalize, without the need for a digital certificate, the acceptance of the conditions described in an electronic document. Technical evidence of receipt, reading and agreement are recorded and stored on the QualiSign Portal.

Comparison: Digital Signature vs. Electronic Signature

How to sign
- Digital Signature: Signs with a digital certificate.
- Electronic Signature: With login and password + SMS + digital biometrics, or a combination of them.

How to prove authorship
- Digital Signature: It is equivalent to the signature of one's own hand (MP 2,200-2, paragraph 1, art. 10).
- Electronic Signature: Based on evidence collected at the time of signing.

Signature format
- Digital Signature: No prior agreement required.
- Electronic Signature: Accepted by the parties as valid.

For which cases is it recommended?

Digital Signature, for cases involving:
- Greater legal security;
- Business risks;
- Significant value involved;
- Question about the impact that the proof of authorship can cause;
- Compliance;
- Sign contracts and documents between companies.

Electronic Signature, for cases involving:
- Lower business risk documents;
- Lower impact;
- Documents involving Individuals as signatories;
- Internal documents that require a simple approval, acceptance or agreement to an adherence contract and others.

Characteristics

Any change in the electronic document causes the signature to be invalidated, thus guaranteeing the principle of unalterability.

The author of the digital signature uses their private key to encrypt it in order to guarantee authorship in an electronic document. This authenticity is only achieved because the private key is accessible exclusively by its owner.

When someone digitally signs a document, they use their private key to encrypt the document. Thus, they are prevented from denying the authenticity of the message.

Ensured by article 10 of MP No. 2.200-2, that instituted the Infrastructure of Brazilian Public Keys - ICP-Brasil, conferring the assumption of legal veracity in relation to the signatories in the statements contained in the electronic documents, produced by means of the certification process provided by ICP-Brasil.

Applicability

The digital signature can be applied to the most diverse types of electronic documents, such as:

- Contracts;

- Powers of Attorney;

- Reports;

- Emails;

- Certificates;

- Web forms;

- Reports;

- Images;

- Mandates;

- Notifications;

- Balance sheets;

- Statements;

- Petitions;

- Exam results;

- Medical records;

- Proposals;

- Insurance policies;

- Electronic files transferred between companies (EDI);

- Among others.

Thus, it makes it possible to eliminate the use of paper and reduce the issuing, storing and disposing costs for these documents.

Benefits

With document shipment (courier, post office and others), paper printing (toner and ink), physical storage (warehouse, files, safes and others), document management (control, query, validity, audit, location and recovery) and signature recognition (digital signature).

How long does it take you to formalize a paper contract? If it depends on the QualiSign Portal, it is very fast. It is enough for the parties to access the web, regardless of where they are physically, with their digital certificates in hand to sign the contract.

Authenticity, integrity, non-repudiation, reliability, inability to backdate in time, minimization of fraud and state-of-the-art technology infrastructure.

You can sign a contract or any document anywhere on the planet, with your digital certificate, a card reader and access to the web. At any time.

Questions on Digital Signatures

The digital signature is a form of electronic signature, resulting from a mathematical operation that uses cryptography and allows you to check the origin and integrity of the document in a secure manner. The digital signature is so linked to the electronic document that, if any changes are made to the document, the signature becomes invalid. The technique allows one not only to check the authorship of the document, but also establishes a “logical immutability” of its content, since any change in the document, such as the insertion of another space between two words, invalidates the signature.

Technically, a digital signature is a set of data that follows or is logically associated with a coded digital message, which can be used to certify the document's author, as well as to ensure that the message has not been modified since it was first submitted by the author.

The digital signature is created at the time of signing the Cryptographic Summary (WHAT) of a file with the user's private key (WHO). Once the public key is distributed as part of the digital signature, anyone who sees the signature will be able to check that it was signed by the corresponding private key. In this way, both the sender and the recipients can associate the sender's identity with a specific file (WHO did WHAT). Digital signatures, for most documents, have the same legal force as paper signatures.

In the context of the QualiSign Portal, a Digital Signature meets two purposes:

- Associating a person's identity with the original digital document;

- Ensuring the integrity of the digital document (electronic content).

The word cryptography has a Greek origin and means the art of writing in codes, in order to hide information in the form of an incomprehensible text. Encrypting, or the encryption process, is performed by a computer program that performs a set of mathematical operations and transforms clear text into cipher text, in addition to inserting a secret key in the message. The document issuer submits the ciphertext, which will be reprocessed by the receiver, transforming it again into readable text, as the one issued, provided that they have the correct key.

There are two types of encryption: symmetric and asymmetric.

Symmetric encryption is based on algorithms that depend on the same key, referred to as a secret key, which is used both in the encryption process and in the process of decrypting the text. To guarantee the integrity of the information transmitted, it is essential that only the sender and the receiver know the key. The problem with symmetric encryption is the need to share the secret key with everyone who needs to read the message, making it possible for the parties to change the document.

Asymmetric cryptography uses a pair of different keys, which are mathematically related by means of an algorithm, so that the text encrypted by one key is only deciphered by the other of the same pair. The two keys involved in asymmetric cryptography are referred to as the public key and the private key. The public key can be known by the general public, while the private key should only be known by its owner.

To prove that the contents of a file have not been altered, the QualiSign Portal stores the code resulting from a hash operation on the file, eliminating the need to view or store its data (optional).

The code resulting from this operation (hash code) – also known as "File Signature", "Message Summary" or "Cryptographic Summary" – is a number that uniquely represents (and is sufficient to identify) a particular file (proof WHAT). Cryptographic Summaries are unique in the sense that two different files will never have the same Cryptographic Summary, except in the unlikely event of a hash collision, a complication whose probability decreases exponentially as the size of the hash code increases.

With the 160-bit SHA-1 hash algorithm (industry standard) used by the QualiSign Portal, the odds of a hash collision are extremely remote (1 in 2^80). Although extremely remote, the QualiSign Portal provides adequate treatment for these situations.

Because the hash function is one-way, no portion of the original data can be reconstructed from the file signature (in the same way that an individual cannot be "reconstructed" from their signature or fingerprint). Thus, if a user can submit a hash code to the QualiSign Portal, it can be assumed that the person who calculated this hash code had a certain file in their possession.
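The two mechanisms described above (signing the Cryptographic Summary with the private key, and checking a file against a stored hash code) can be seen working together in the following added example, which is not QualiSign's code. The key pair, the sample contract text and all function names are constructed for illustration; the signature is textbook RSA without padding on a deliberately small key, so that it runs with the Python standard library alone.

```python
import hashlib

# Constructed toy key pair: two Mersenne primes give a ~216-bit modulus, large
# enough to hold a 160-bit SHA-1 digest. Textbook RSA without padding is for
# illustration only; real signatures use much larger keys and a padding scheme.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, held only by the signer


def summary_hex(document: bytes) -> str:
    """Cryptographic Summary (the WHAT): SHA-1 digest as a hex string."""
    return hashlib.sha1(document).hexdigest()


def sign(document: bytes) -> int:
    """Signer side: transform the digest with the private key (the WHO)."""
    return pow(int(summary_hex(document), 16), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Verifier side: recover the signed digest with the public key and compare
    it with a freshly computed digest of the document actually received."""
    return pow(signature, E, N) == int(summary_hex(document), 16)


def matches_stored_summary(document: bytes, stored_hex: str) -> bool:
    """Integrity check against a hash code recorded earlier; the party that
    stored the hash never needs to keep or see the file contents."""
    return summary_hex(document) == stored_hex


# Constructed sample documents.
CONTRACT = b"The buyer agrees to pay 1000 BRL."
TAMPERED = b"The buyer agrees to pay  1000 BRL."    # one extra space inserted

if __name__ == "__main__":
    signature = sign(CONTRACT)
    stored = summary_hex(CONTRACT)
    print("original verifies:", verify(CONTRACT, signature))
    print("tampered verifies:", verify(TAMPERED, signature))
    print("tampered matches stored hash:", matches_stored_summary(TAMPERED, stored))
```

SHA-1 is used here because it is the algorithm the page names; practical SHA-1 collisions have since been published, so current deployments sign SHA-256 or stronger digests.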

No. The digitized signature is the reproduction of the signature in one's own hand as an image by a scanner-type device. It does not guarantee the authorship and integrity of the electronic document, as there is no unequivocal association between the subscriber and the digitized text, as it can be easily copied and inserted into another document.

No, they cannot. The document scanned from an original document is not legally assumed to be authentic, as the original document may have undergone changes prior to the digitization process.

To further clarify it, once the document has been digitized and certified within the scope of ICP-Brasil, it can no longer be changed; however, the original document, before being digitized, may have changed. Therefore, in case of questioning as to the integrity and authenticity of the content placed in the digitized document, the interested party can only prove these attributes by displaying the original document. Thus, one should not delete the original documents.

Art. 223, head of the Civil Code is quite enlightening in this regard. It states that “The photographic copy of a document, conferred by a notary public, will be valid as proof of declaration of will, but, once its authenticity is contested, the original document should be displayed.”

By analyzing the commented article, we will conclude that if a document photographed and checked by a notary may be contested concerning its authenticity, analogously, documents that have been digitized can also be subject to impugnations, given that only the original document makes concrete proof of its authenticity.

Thereby, it is important to note that the assumption of integrity and authenticity, extracted from art. 10 of Provisional Measure nº 2.200-2, of 24/08/2001, concerns documents produced electronically and digitally signed with certificates issued within the scope of ICP-Brasil.

That is to say, the electronic signature linked to a certificate issued within the scope of ICP-Brasil leads to the assumption of authenticity of the subscribed document, which is certain, as stated by Humberto Theodoro Júnior, in Comments made on the New Civil Code. Volume III. Tome II. Rio de Janeiro: Forensic, 2003, p. 48, that the “Code does not subordinate the validity of the private instrument to which the signatory's signature is authenticated by a notary or any public official. What gives it authenticity is the signature itself, that is, the writing of the declarant's name, done face-to-face (autographically)”.

There are many possibilities for digital signature applications. In the governmental sphere, we can mention:

- judicial and administrative proceedings in electronic media;

- facilitating the popular initiative in the submission of bills, as citizens will be able to digitally sign their adherence to the proposals;

- signature of the income statement and other services provided by the Federal Revenue Service;

- obtaining and sending notary documents;

- SPB;

- Electronic Official Gazette;

- identification of websites, so that one may be sure that they are visiting the link they really wish to visit;

- etc.

In the private sphere, the digital signature can be applied to the most diverse types of electronic documents, such as e-mails, web forms, contracts, powers of attorney, reports, images, mandates, notifications, balance sheets, statements, petitions, exam results, reports, certificates, medical records, insurance proposals and policies and electronic files transferred between companies (EDI), making it possible to eliminate the use of paper and reduce the costs of issuing, storing and disposing for these documents.

The digital signature does not make the electronic document confidential, as it is not encrypted in itself. The confidentiality of the electronic document can be protected by encrypting the message with the recipient's public key, since only by using its private key can the document be deciphered. Integrity and proof of authorship are the essential features for using digital certification upon signing.

The CMS standard, described in RFC 3852, an evolution from the Public-Key Cryptography Standards #7 (PKCS #7) set by RSA, is used at ICP-Brasil as a standard for storing digitally signed content (data), encrypted content, authenticated content and content with cryptographic summaries.

For digital signature software, such as the QualiSign Portal, Normative Instruction 09/2006, from ITI, of 5.18.2006, and its documents known as DOC-ICP-15, regulate the requirements for digital signature software, confidentiality and authentication, within the scope of ICP-Brasil.

Pursuant to art. 10 of MP n° 2.200-2, electronic documents digitally signed by means of certificates issued within the scope of ICP-Brasil have the same legal validity as paper documents with handwritten signatures. It is important to note that electronic documents digitally signed by means of certificates issued outside the scope of ICP-Brasil also have a legal validity, but this will depend on the acceptance of both parties, sender and recipient, as determined by the wording of § 2 of art. 10 of MP No. 2,200-2.

Questions on the Electronic Signature

The Electronic Signature is the genus that designates all kinds of identification of authorship for documents or other agreements prepared by electronic means, while the digital signature is one of the types within the electronic signature genus (1).

As an analogy, we can consider that the electronic signature concerns the forest with its various types of trees, while the digital signature concerns one of the tree species in this forest.

(1) "The nomenclature 'electronic signature' was chosen because it characterizes a non-degree expression, that is, it is broader in comparison to the digital signature. The term 'electronic signature' would be technologically neutral for making the techniques open to be adopted, while the term 'digital signature', an electronic signature, would be choosing the asymmetric cryptography in advance".

The digital signature is one of the types of electronic signature. An Electronic Signature is the genus used to designate all types of identification of authorship for documents or other instruments prepared by electronic means.

In the context of digital formalization, the most important feature to be identified among the signature types is the probative force or probative effectiveness, which is the ability to prove that a particular signature has been made by the person who claims to be this person.

The digital signature (X.509 v3 standard) uses the concept of asymmetric cryptography, which consists of a pair of cryptographic keys (public and private) that complement each other. The private key, which is the exclusive possession and responsibility of its owner, is used to digitally sign an electronic document and the public key is used by anyone to prove the authorship of a signature.

We can affirm that among all types of electronic signatures, legislations worldwide have chosen the digital signature alone (Public Key Infrastructure, (1)) as a legal substitute for one's handwritten signature. Brazil has had a specific legislation since 2001 that set forth the Brazilian Public Key Infrastructure (ICP-Brasil) and matched the digital signature with one's handwritten signature (Article 10, § 1, of Provisional Measure 2,200-2 of August 24, 2001, (2)).

(1) Public Key Infrastructure. It is a structure of entities that control the issuance of digital certificates and give reliability and legitimacy to the process.

(2) “The statements contained in the electronic documents produced by using the certification process provided by ICP-Brasil are presumed to be true in relation to the signatories, as per art. 131 of Act No. 3,071 of 1/1/1916 - Civil Code.”

In the context of digital formalization, the most important feature that must be identified among the signature types is the probative force or probative effectiveness, which is the ability to prove that a particular signature was made by the person who claims to be such person.

This feature is the basis for us to better understand the differences between each type of electronic signature. Below are some examples:

Passwords: A secret code previously agreed between the parties as a form of recognition.

Digitized signature: It is the reproduction of one's handwritten signature as an image (graphic) obtained by a scanner-type equipment.

Digital Acceptance: It is an agreement in the digital format. It can be a “click on the button", "Agreed", "Confirm" button, which means an agreement to the terms of a document.

Digital Signature: It is the outcome of a mathematical operation that uses asymmetric cryptographic algorithms (X.509 v3 standard), which allows one to securely check the document authorship, non-repudiation of the signature and integrity.

More questions?

QualiSign Data

Rua Correia Dias 337 - 7th floor - 04104-001
São Paulo - SP - Brazil

+55 (11) 5906-7200

Company: Qualisign Informática SA - Registered with CNPJ/MF No. 17.489.855/0001-20 - State Registry exempt

More information about QualiSign should be requested by email to:

More speed, modernity and security in your company's daily routine.

Higher productivity with reduced costs?