What is a digital signature

Asks mollyprixe

A. A digital signature is a way of signing, and therefore authorising, a transaction online. Digital signatures provide an Internet user with a unique identity document protected by encryption keys which serves to assure a third party that a document, a message or a transaction comes from who it says it does.

�

Q. How is this done

A. It deploys a technology known as PKI (Public Key Infrastructure) or PKCS (Public Key Cryptosystems). It is very complicated to use and works on the basis of using steganography, whereby a sender and receiver can exchange information or instructions by the use of a shared secret or code and instead of one key being used for identification as in traditional cryptography, two are used - one private and one public. It can secure authentication of origin, content confidentiality and content integrity. But basically it allows you to send an encrypted instruction e.g. to your bank which the bank can authenticate as it knows it can only be from you.

�

Q. Does a digital signature have any downsides

A. It has many, the main one being that we have to learn to trust it which will take time - people are only just beginning to get used to giving their credit card number online and this is only because a credit card company usually guarantees the transaction. It will take a long time for people go get used to it not signing on a dotted line.

�

Q. Is your signature actually written

A. The use of the term signature is confusing as nothing is actually written down. A document is usually signed by inserting a smart card encoded with a private key into a reader attached to your computer. You may remember that last year, in June 2000, Bill Clinton historically used a smart card to sign the US Digital Signatures Bill into law.

�

Q. So why haven't I heard of PKI before and why doesn't everyone have a digital signature

A. A digital signature is a relatively new concept and while it is possible for the general public to obtain a digital signature it is aimed at the e-commerce market and for large corporations to conduct their business over the Internet.

�

Q. So what if I wanted to give it a go and try and get my own digital signature

A. There are a few websites that you can do this on. Contact www.hushmail.com - it is a free service that will let you get the hang of digital signatures and what they can do or contact www.pgpi.org, this service is also free and will provide you with a digital identity.

�

Q. Is there an easier way to get a digital signature

A. BT has recently introduced its VeriSign digital identity programme, this provides you with a signature and an identity for �7.50 a year. It is compatible with Microsoft Outlook Express only at the moment, and comes complete with a tutorial on how to use the service.

�

Q. Is a digital signature legal

A. Digital signatures became law in the UK in May 2000 when the E-Communications Act came into force. It became legal throughout the EC on 17th July 2001.

�

If you have any other Internet and Technology questions, please click here

�

By Karen Anderson

�

�