In the midst of an era marked by constant connectivity and intense degrees of interactivity and portability, the use of technological resources has been increasingly frequent among small, medium and large companies, which makes it important to know how to check if a digital signature is valid.
A digital signature and electronic contracts presents itself as one of the great highlights, proving to be effective in replacing the traditional physical documentation with practicality and security.
In this sense, we understand that guaranteeing this security requires affirmative practices to ensure the authenticity, integrity, non-repudiation and true confidentiality of information. And, for that, it is essential to verify the validity of digital signatures.
In this article we present a step-by-step guide with everything you need to know about how to verify if a digital signature is valid, to correctly use your digital certificate and digitize your routine with security and legal validity.
Good reading!
What is electronic signature?
Electronic signature is a legal and efficient way to obtain someone's approval or consent by acknowledging via electronic means with legal validity. In many cases, it operates – securely and verifiably – as a substitute for handwriting signatures, especially on documents and contracts.
Therefore, all the processes involved in manually signing a document, which include going to notary offices or sending papers by mail, can be simplified with the purchase of an electronic signature.
The same goes for other forms of recognition. For example: when you go to the bank and you need to insert your finger into the ATM for biometric recognition, this is a type of electronic signature.
Accessing a service on the internet and using a token to recognize your identification is another example, as well as executing a login based on a personal password.
What is digital signature?
Expanding this concept, we define the digital signature as a resource that proves the identity of its signatories in a secure way, using cryptography, a virtual key and a digital certificate. In addition, it assumes the same legality as a handwritten signature on paper documents.
It is a type of electronic signature whose concept is linked to the use of any electronic or digital mechanism to validate the authorship of an act.
In the digital signature, the signatory uses a digital certificate to prove its authorship.
The digital certificate must be issued by a Brazilian certification authority, in accordance with the standards of the Brazilian Public Key Infrastructure (ICP-Brazil).
Examples of digital certificates are the e-CNPJ and the OAB token used by lawyers. There are also types of digital certificate, such as A1 and A3.
Thus, although in analogue times the most common form of personal recognition was the signature manual (which, in some cases, needs to be notarized), this range is much more varied these days, which even facilitates the hiring of employees, suppliers and customers.
In times of work done in home office, this is very beneficial, as it means that people do not need to be in your office to sign the documents that prove the new partnership or contract. They can be anywhere to sign them as long as they have access to the necessary tools.
That said, it should be noted that, although they are slightly different concepts, within the context of this article, we treat electronic signature and digital signature interchangeably, since in the vast majority of situations both have the same effects.
⚠️ Also check out these related articles ????
➡️ Learn how to sign with a digital certificate
➡️ Understand what a digital signature verifier is for
➡️ What is a digital contract and how to adopt one for your company
How important is electronic signature verification?
The process of Scan of documentation promotes great simplification in the interaction with social media, internet banking, corporate and government websites, which demands new resources that make the digital environment effectively secure.
The use of logins, passwords and biometrics as a means of personal authentication are essential in this regard, but do not completely exclude the risk of cyber attacks, data theft or adulteration of signatures and identities.
Indeed, we observed that Brazil ranks ninth among the countries with the highest record of data hijacking attacks (also called ransomware), as pointed out by the digital security company Sonicwall.
It is precisely for this reason that ICP-Brasil, or Public Key Infrastructure, is a digital certification entity qualified to attest and preserve the user's identity in a digital environment that uses internationally recognized encryption standards for their technological security and signature validation. digital.
In order to guarantee this legal validity, the regulatory norms provided by ICP-Brasil are totally based on the definitions of the MP 2.200-2/2001, as well as the international recommendations of the respective digital signature standards used around the world.
The digital signature with ICP-Brasil certificate is a device that recognizes the sender of a given electronic message.
This technology is recognized by the Brazilian Judiciary as are handwritten documents with a notarized signature – safeguarding, with legal guarantees, the digital certificate and enabling unambiguous identification and authentication of the author of a message or transaction.
It is worth noting that this technology confers a series of advantages, such as the possibility of forming agreements and signing digital contract.
Not to mention that the digital certificates of the ICP Brasil standard can be used to encrypt documents, messages or transactions and thus also guarantee the confidentiality and secrecy of these documents.
It is also worth highlighting how digital certification streamlines processes, which are now immediate, reduce costs and increase security.
You may be wondering about the need for a digital signature validator, since there is already a certificate that regulates and promotes a high security digital transaction, right?
It turns out that signing a document with a digital certificate makes it impossible to change any validated information, as its content is sealed by encryption. Thus, signature verification begins with the integrity assessment of electronic transactions.
In addition, the ICP-Brasil standard digital certificates allow signing in electronic transactions, guaranteeing authenticity (with a secure identification process for certification of an individual or legal entity), integrity (preserving data and documents without risk of alteration), -repudiation that the Certification Authority can no longer deny the authorship of this digital certificate and the confidentiality that ensures protection in operations against unauthorized access.
On the other hand, as the digital signature is a data structure embedded in the document that is not visible. Given this scenario, it is necessary to use the digital signature verifier to identify any attempt to circumvent the security of the digital system and confirm the validity of the certificate and security.
How to verify if a digital signature is valid by ICP-Brasil
The authenticity of a digital signature is a crucial aspect to guarantee the security and legal validity of electronic documents.
To check the validity of a digital signature in Brazil, it is necessary to contact the ITI (National Institute of Information Technology), a federal entity subordinate to the Civil House of the Presidency of the Republic. ITI acts as a root certification authority and plays a fundamental role in the compliance of digital signatures with the standards established by ICP-Brazil (Brazilian Public Key Infrastructure).
Furthermore, ITI is responsible for certifying the cryptographic equipment used in this process, standardizing the sector and combating fraud. For users who wish to verify the authenticity of a signature on an electronic document, it is essential to use the ITI Brasil conformity checker, which is aligned with ICP-Brasil digital certificate standards, thus ensuring the integrity and validity of the signature .
Next, we will explain in detail how to use it.
Step 1 – Access
To verify the digital signature of ICP-Brasil, you must first access the service page through this link.
Step 2 – Upload
In the common documentation for all cases, the file will be submitted for compliance verification (files prepared in CAdES, XAdES and PAdES formats are accepted). Refers to the electronically signed file that you want to submit for compliance verification.
Step 3 – Verification
When submitting the file to the ITI verifier, the process of verifying its validity will take place, which may result in the following feedbacks:
- Approved: When the signature is 100% in accordance with the regulation;
- Disapproved: When the signature does not fully comply with the foreseen regulation;
- Indeterminate: When the available information proves to be insufficient for the digital signature to be conclusively validated or invalidated.
The verification process is concerned with verifying the integrity of the document; the integrity of the digital signature; the validity of the certificate; the reliability of the Certification Authority; and the time when the signature took place.
Now that you understand the importance of adopting digital signature security best practices, it's worth remembering that it's not really necessary to do this whole process manually.
Since the systems that use digital signature platforms perform this verification automatically. Therefore, just hire the services of a good digital signature solution.
That said, we invite you to discover ZapSign's digital signature services.
Fully aligned with ICP-Brasil's security and validity standards, our platform collects signatures in a simple and complete way, and can be used both on a computer and on a cell phone or tablet, in addition to having its own authenticity checker of digital documents.
In addition, the tool integrates with the main messaging applications on the market, allowing you to send signature links to your signatories through channels such as WhatsApp, Telegram, email or SMS.
To learn about our services and learn more about the solutions offered by ZapSign, just click here!
