To find out how to check if a digital signature It is valid, but it is necessary to verify if the document is signed with digital certificate recognized by ICP-Brazil, maintains its integrity via encryption and can be verified with the ITI or official conference platforms, ensuring authenticity and legal security.
Digital and electronic contract signing stands out as a major innovation, proving effective in replacing traditional physical documentation with practicality and security.
In this sense, we understand that guaranteeing this security requires affirmative practices to ensure the authenticity, integrity, non-repudiation and true confidentiality of information. And, for that, it is essential to verify the validity of digital signatures.
In this article we present a step-by-step guide with everything you need to know about how to verify if a digital signature is valid, to correctly use your digital certificate and digitize your routine with security and legal validity.
Good reading!
What is electronic signature?
Electronic signature is a legal and efficient way to obtain someone's approval or consent by acknowledging via electronic means with legal validity. In many cases, it operates – securely and verifiably – as a substitute for handwriting signatures, especially on documents and contracts.
Therefore, all the processes involved in manually signing a document, which include going to notary offices or sending papers by mail, can be simplified with the purchase of an electronic signature.
The same goes for other forms of recognition. For example: when you go to the bank and you need to insert your finger into the ATM for biometric recognition, this is a type of electronic signature.
Accessing a service on the internet and using a token to recognize your identification is another example, as well as executing a login based on a personal password.
What is a digital signature and how does it work?
Expanding this concept, we define the digital signature as a resource that proves the identity of its signatories in a secure way, using cryptography, a virtual key and a digital certificate. In addition, it assumes the same legality as a handwritten signature on paper documents.
It is a type of electronic signature whose concept is linked to the use of any electronic or digital mechanism to validate the authorship of an act.
In the digital signature, the signatory uses a digital certificate to prove its authorship.
The digital certificate must be issued by a Brazilian certification authority, in accordance with the standards of the Brazilian Public Key Infrastructure (ICP-Brazil).
Examples of digital certificates are the e-CNPJ and the OAB token used by lawyers. There are also types of digital certificate, such as A1 and A3.
Thus, although in analogue times the most common form of personal recognition was the signature manual (which, in some cases, needs to be notarized), this range is much more varied these days, which even facilitates the hiring of employees, suppliers and customers.
In times of work done in home office, this is very beneficial, as it means that people do not need to be in your office to sign the documents that prove the new partnership or contract. They can be anywhere to sign them as long as they have access to the necessary tools.
That said, it should be noted that, although they are slightly different concepts, within the context of this article, we treat electronic signature and digital signature interchangeably, since in the vast majority of situations both have the same effects.
How Cryptography Ensures the Integrity of Digital Signatures
Cryptography is the foundation that makes digital signatures secure and reliable. When someone digitally signs a document, a mathematical process called asymmetric encryption is used to protect both the authorship and the integrity of the content.
This process works as follows:
- the signatory uses his private (secret) key to create the digital signature;
- This signature is generated from a hash of the document, a unique cryptographic summary of that file;
- Afterwards, anyone can use the public key of the signer's digital certificate to verify that the hash matches the document and that the signature is valid.
If any changes are made to the document after signing, the resulting hash will no longer match the signature, automatically invalidating it.
Thus, encryption ensures that:
- the signed document has not been altered;
- the authorship of the signature is by the person who holds the private key;
- the signature cannot be repudiated without breaking cryptographic security.
The integrity ensured by encryption is what makes digital signatures much more secure than traditional methods, such as scanned handwritten signatures.
⚠️ Also check out these related articles ????
➡️ Learn how to sign with a digital certificate
➡️ Understand what a digital signature verifier is for
➡️ What is a digital contract and how to adopt one for your company
How important is electronic signature verification?
The process of Scan of documentation promotes great simplification in the interaction with social media, internet banking, corporate and government websites, which demands new resources that make the digital environment effectively secure.
The use of logins, passwords and biometrics as a means of personal authentication are essential in this regard, but do not completely exclude the risk of cyber attacks, data theft or adulteration of signatures and identities.
Indeed, we observed that Brazil ranks ninth among the countries with the highest record of data hijacking attacks (also called ransomware), as pointed out by the digital security company Sonicwall.
It is precisely for this reason that ICP-Brasil, or Public Key Infrastructure, is a digital certification entity qualified to attest and preserve the user's identity in a digital environment that uses internationally recognized encryption standards for their technological security and signature validation. digital.
In order to guarantee this legal validity, the regulatory norms provided by ICP-Brasil are totally based on the definitions of the MP 2.200-2/2001, as well as the international recommendations of the respective digital signature standards used around the world.
A digital signature with an ICP-Brasil certificate is a device that recognizes the sender of a given electronic message and ensures the means to verify whether a digital signature is valid.
This technology is recognized by the Brazilian Judiciary as are handwritten documents with a notarized signature – safeguarding, with legal guarantees, the digital certificate, enabling the unequivocal identification and authentication of the author of a message or transaction.
It is worth noting that this technology confers a series of advantages, such as the possibility of forming agreements and signing digital contract.
Not to mention that the digital certificates of the ICP Brasil standard can be used to encrypt documents, messages or transactions and thus also guarantee the confidentiality and secrecy of these documents.
It is also worth highlighting how digital certification streamlines processes, which are now immediate, reduce costs and increase security.
You may be wondering about the need for a digital signature validator, since there is already a certificate that regulates and promotes a high security digital transaction, right?
It turns out that signing a document with a digital certificate makes it impossible to change any validated information, as its content is sealed by encryption. Thus, signature verification begins with the integrity assessment of electronic transactions.
In addition, the ICP-Brasil standard digital certificates allow signing in electronic transactions, guaranteeing authenticity (with a secure identification process for certification of an individual or legal entity), integrity (preserving data and documents without risk of alteration), -repudiation that the Certification Authority can no longer deny the authorship of this digital certificate and the confidentiality that ensures protection in operations against unauthorized access.
On the other hand, as the digital signature is a data structure embedded in the document that is not visible. Given this scenario, it is necessary to use the digital signature verifier to identify any attempt to circumvent the security of the digital system and confirm the validity of the certificate and security.
The importance of knowing how to verify the validity of a digital signature for legal security.
Validating a digital signature ensures the legal security of electronically signed documents. By validating it, you prove that:
- the document has not been changed after signing;
- the identity of the signatory is legitimate and reliable;
- the signature was made with a valid digital certificate.
These three factors are fundamental in potential legal disputes, lawsuits or audits, as they demonstrate that the document maintains the expected integrity and authorship.
Brazilian legislation, especially Provisional Measure No. 2.200-2/2001, recognizes the legal validity of digitally signed documents within the ICP-Brasil standards. However, proving this validity, through correct validation of the signature, is what makes the documentary evidence robust.
Furthermore, validation protects companies and individuals against fraud, tampering and questions about the veracity of digital documents.
In business environments, labor processes, service provision contracts and customer relations, the legal security provided by a validated digital signature is a strategic differentiator.
💡 Tip! Need a free digital signature? Click here and create yours now!
How to verify if a digital signature is valid through ITI
The authenticity of a digital signature is a crucial aspect to guarantee the security and legal validity of electronic documents.
To check the validity of a digital signature in Brazil, it is necessary to contact the ITI (National Institute of Information Technology), a federal entity subordinate to the Civil House of the Presidency of the Republic. ITI acts as a root certification authority and plays a fundamental role in the compliance of digital signatures with the standards established by ICP-Brazil (Brazilian Public Key Infrastructure).
Furthermore, ITI is responsible for certifying the cryptographic equipment used in this process, standardizing the sector and combating fraud. For users who wish to verify the authenticity of a signature on an electronic document, it is essential to use the ITI Brasil conformity checker, which is aligned with ICP-Brasil digital certificate standards, thus ensuring the integrity and validity of the signature .
Below, we will explain in detail how to verify whether a digital signature is valid.
Step 1 – Access
To verify the digital signature of ICP-Brasil, you must first access the service page through this link.
Step 2 – Upload
In the common documentation for all cases, the file will be submitted for compliance verification (files prepared in CAdES, XAdES and PAdES formats are accepted). Refers to the electronically signed file that you want to submit for compliance verification.
Step 3 – Verification
When submitting the file to the ITI verifier, the process of verifying its validity will take place, which may result in the following feedbacks:
- Approved: When the signature is 100% in accordance with the regulation;
- Disapproved: When the signature does not fully comply with the foreseen regulation;
- Indeterminate: When the available information proves to be insufficient for the digital signature to be conclusively validated or invalidated.
The verification process is concerned with verifying the integrity of the document; the integrity of the digital signature; the validity of the certificate; the reliability of the Certification Authority; and the time when the signature took place.
Legal validity and security of digital signatures
In Brazil, documents digitally signed with certificates issued within the infrastructure presented above are presumed to be authentic and equivalent to a handwritten signature.
Law No. 14.063/2020 brought even more clarity by regulating the use of electronic signatures in relations with the public sector and in private businesses.
At an international level, the validity of digital signatures varies depending on the country.
Eg
- in the European Union, the eIDAS Regulation establishes criteria for qualified electronic signatures to have legal equivalence to handwritten ones;
- In the United States, the ESIGN Act and UETA recognize the validity of electronic signatures in commercial contracts.
However, for a Brazilian digital signature to be accepted abroad, or vice versa, it may be necessary to use internationally recognized certificates or establish bilateral agreements.
In all cases, technical validation and documentation of the digital signature process are essential to ensure acceptance across different jurisdictions.
Use cases of digital signatures in different industries
Digital signatures are already widely consolidated in different sectors of the economy, bringing agility, security and cost reduction to processes.
legal sector
Lawyers and courts use digital signatures to electronically file petitions, sign contracts and validate powers of attorney, ensuring legal validity without the need for notarization.
Financial sector
Banks and fintechs apply digital signatures when opening accounts, granting loans and authorizing transactions remotely and securely.
Health
Hospitals, clinics and laboratories use digital signatures in medical reports, electronic medical records and digital prescriptions, ensuring the authenticity and integrity of sensitive information.
HR and people management
Companies adopt digital signatures to sign employment contracts, confidentiality agreements, contractual amendments and internal documents, optimizing the employee admission and management process.
Real Estate
Digital signatures speed up purchase and sale contracts, property rentals and financing, making the process more agile and secure.
Trends and innovations in digital signature technologies
The digital signature market has been driven by technological advances and demands for greater security and practicality.
Some trends that stand out are:
- blockchain applied to signatures: using public blockchains to record signatures adds an additional level of transparency and immutability;
- integrated biometrics: facial recognition, fingerprint and voice authentication are being incorporated into digital signature processes, strengthening signatory authentication;
- smart contracts: Smart contracts that self-execute after signing are being explored in sectors such as finance and real estate;
- total mobility: new platforms allow you to sign documents on any mobile device, in a simple and secure way;
- Focus on user experience (UX): digital signature solutions are increasingly intuitive, reducing friction in the signing process.
Now that you understand how to check if a digital signature is valid, and the importance of adopting best digital signature security practices, it is worth remembering that it is not really necessary to do this entire process manually.
Since the systems that use digital signature platforms perform this verification automatically. Therefore, just hire the services of a good digital signature solution.
That said, we invite you to discover ZapSign's digital signature services.
Fully aligned with ICP-Brasil's security and validity standards, our platform collects signatures in a simple and complete way, and can be used both on a computer and on a cell phone or tablet, in addition to having its own authenticity checker of digital documents.
In addition, the tool integrates with the main messaging applications on the market, allowing you to send signature links to your signatories through channels such as WhatsApp, Telegram, email or SMS.
To learn about our services and learn more about the solutions offered by ZapSign, just click here!
Getúlio Santos is the CEO of ZapSign, a lawyer, technology enthusiast, and entrepreneur.
