When a document is physically signed, it is easy to prove its veracity. After all, as a rule, the two parties meet in the same place and sign together. But, how to validate a digital signature?
Signatures made digitally have the advantage of being made anywhere that has a computer or cell phone connected to the internet. But how do you know if it was the real signatory who signed it? Is there a way to know if the signature is valid?
To answer these and other questions, we have prepared this article in which we also present a step-by-step guide on how to check the validity of a digital signature. Come on?
What is digital signature?
The digital signature is intended to prove the identity of the people who sign the contract. For this, it makes use of cryptographic resources, digital certificate and virtual key.
O digital certificate, by the way, is issued by certifying authorities that follow the standards of the Brazilian Public Key Infrastructure (ICP-Brasil). The most popular types of digital certificates are A1 and A3.
Are digital signatures and electronic signatures the same thing?
This doubt is frequent, so we always try to explain it. They are not the same thing, although the digital signature is a type of electronic signature.
After all, electronic signature covers other types of electronic identification such as login and password authentication, biometrics, facial recognition and tokens.
How does digital signature work?
Digital signatures follow a protocol called PKI (Public Key Infrastructure) and make providers generate keys that can be private or public.
That way, when a person digitally signs a document, the signature is securely created from the key.
In addition, the algorithm also creates the hash, that is, a set of data corresponding to the signed file and which encrypts it with day and time.
Therefore, signatures cannot be forged, as only the signer is able to decrypt the key on the platform, making his signature valid.
💡 Tip! Need a free digital signature? Click here and create yours now!
Why is it important to validate the digital signature?
There are several ways to make a digital signature, even free of charge through Word. But the platforms dedicated to this type of firm have ways to validate them and this is very important.
Firstly because of security, as online documents involve data regarding your company, employees, employees and customers. Therefore, your subscriptions must be done in a secure environment.
Another point to be considered is the integrity of the signatories. After all, most of the time, subscribers are not present in the same physical environment. Therefore, there is a need for your identity to be validated and complete.
Finally, the verification of digital signatures complies with the rules established by ICP-Brasil, guaranteeing its validity.
Legal validity of digital signature in Brazil
The digital signature is legally recognized in Brazil and has legal validity equivalent to that of a handwritten signature, as long as it is carried out within the parameters established by current legislation.
The main legal basis is Provisional Measure No. 2.200-2/2001, which created the Brazilian Public Key Infrastructure (ICP-Brasil). This infrastructure ensures that signatures made with digital certificates issued by accredited certification authorities are presumed to be true, authentic and complete before the law.
Furthermore, Law No. 14.063/2020 reinforced the validity of electronic and digital signatures, regulating their use in interactions with public entities and establishing signature levels according to the sensitivity of the document.
Digitally signed documents can be used in contracts, legal proceedings, issuing powers of attorney and other formal acts, and are accepted as evidence in courts, audits and commercial negotiations.
Security and encryption in digital signature
Digital signature security is based on advanced encryption technologies, which protect both the identity of the signer and the integrity of the signed document.
Digital signatures use the concept of asymmetric cryptography, which involves two keys: a private key (used to sign) and a public key (used to verify the signature). The process generates a unique encrypted hash for the document. If the content is changed after signing, the verification will fail, indicating that the integrity has been compromised.
In addition, the digital signature is linked to a digital certificate issued by an accredited certification authority, which proves the identity of the signatory. This certificate contains information such as the name, CPF/CNPJ and validity of the signature.
The use of these technologies ensures that:
- the document cannot be altered without the signature becoming invalid;
- the signatory is who he claims to be;
- the signature has legal and technical validity.
Therefore, it is essential to validate not only the signature, but also the certificate associated with it, ensuring the reliability of the entire operation.
What points should be considered when validating a digital signature?
To carry out the validation, it is necessary to take into account the points presented below.
cryptographic key
Every digital signature has two cryptographic keys with different purposes: while one decrypts the document and is also read by the recipient, the other makes it secure.
Therefore, to know if the signature of a document is complete, it is enough to make the comparison between the two cryptographic keys.
Verification process
To know if the signature of a document is really complete, it is necessary to go through a verification process from a signature validator.
It uses the public key of the signer's digital certificate and reverses the cryptographic process. When the summaries match, it means the signature has integrity. If this does not occur, it means that the signature is invalid.
verification code
This code is present in all documents with digital signatures and verifiers try to verify that files with this type of signature comply with the standards of the ICP-Brazil.
Later, we will show you how to use these validators to know if a document signed by digital means is healthy.
Criteria definition
Some criteria must be seen when signing digital documents, which includes the subscriber's name, verification code, timestamp, and hash (or cryptographic digest).
The verification of the digital signature is composed of these criteria and also considers its compliance, digital certificate, temporality and certification chain.
Time stamp
The signature date and time confirmation is what determines your timestamp. Therefore, it is essential to prevent fraud.
After all, date and time are data that can be manipulated, as it is enough to change the settings of the device used to sign the document, be it a computer or smartphone.
However, the time stamp guarantees the exact day and time when the file was digitally signed, which prevents any kind of dispute about it.
Use of a platform specialized in digital signatures
All the points raised above do not pass through your care, but a platform focused on the digital signature of documents.
They allow firms to do so safely and with integrity, in addition to contributing to the document management since they are all stored in the cloud, which facilitates the collection of signatures (which can be done anywhere in the world) and eliminates the need for physical space to store them if they were physical.
⚠️ Also check out these related articles ????
➡️ Learn how to sign with a digital certificate
➡️ Understand what a digital signature verifier is for
➡️ What is a digital contract and how to adopt one for your company
How to validate signature digitally?
A ZapSign is a digital and electronic document signature platform. Its structure has a authenticity checker which guarantees transparency, immutability and irrevocability of signatures made. Although, you can also validate them in ITI and Adobe Reader.
Below is the step-by-step guide on how to validate a document in these two ways.
How to validate digital signature in ITI
The ITI (National Institute of Information Technology) is the federal agency linked to the Civil House of the Presidency of the Republic responsible for maintaining the ICP-Brasil.
Its compliance checker is a simple way to validate that a document signed on ZapSign has not been altered, so that it has not lost its validity. Let's see how to do this.
1) Go to the official verifier page and click on “select subscription”.
2) Select the PDF file that you downloaded from the ZapSign platform after collecting all signatures and click “check compliance”.
3) The result will show the result, that is, if the file is valid or not according to the MP 2.200-2/2001.
How to validate digital signature in Adobe Reader
By default, Adobe Reader does not recognize signatures made by A1 digital certificates issued by ICP-Brasil. This makes it possible for it to report that the ZapSign signature is invalid or unknown.
To solve this problem, it is necessary to import the certificate chain from the Certifying Authority SERPRORFBv5 (Federal Service of Data Processing of the Federal Revenue of Brazil) and from the Certifying Authority Certisign Multiple, in addition to defining it as one of the trusted sources of the software.
It is worth remembering that all subscriptions made on the ZapSign platform are complete. The step-by-step we will teach you below to check your validation in Adobe Reader is just a reinforcement.
1) If the document was created until 04/12/2020, you must download the certificate chain from the SERPRORFBv5 Certifying Authority using this link.
On the other hand, if the document was issued after 05/12/2020, it is necessary to download the certificate chain from the Certisign Multiple G7 Certification Authority clicking here.
2) Then open Adobe Reader and import the certificate. Click "Edit", then "Preferences". Under “Signatures”, go to the “Trusted and Identity Certificates” section and click on “More”.
In the menu located on the left, click on “Trusted certificates” and then on “Import”.
Within “Contacts”, click on “Browse” to select the file you downloaded as explained above (whose download link for documents generated until 04/12/2020 and after 05/12/2020 are different).
In “Contacts”, click on “Certificate Authority SERPRORFBv5” and then on “Certificates”. An item will appear with the name “Certification Authority SERPRORFBv5”. Click on it.
After clicking “Trust”, the screen below will appear in which you must enable the option “Use this certificate as a trusted root”. After that, click “OK”.
Then click “Import” and “OK”. Close all windows, restart Adobe Reader and open a signed document in ZapSign.
Now your Adobe Reader is ready and configured to validate documents with a digital signature. The confirmation screen of this validation will be like the one in the print below.
By following either of these two tutorials, you will be able to validate the digital signature of your documents that were signed by ZapSign.
Common mistakes when validating digital signatures and how to avoid them
When validating digital signatures, some errors are common and can compromise the correct verification of the authenticity of a document.
Not using a reliable validation tool
Many users try to validate signatures manually or on platforms without technical support. The ideal is to use recognized validators.
Disregard the validity of the digital certificate
The digital certificate may be expired or revoked. Validation must verify that the certificate was valid at the time of signature.
Ignore the timestamp
The absence or failure of the timestamp may compromise the verification of the signature date.
Do not verify the certification chain
If the certificate is not anchored to a trusted certificate authority, the signature may be considered invalid.
How to avoid these mistakes?
Always use recognized platforms for signing and validating documents, keep certificates up to date, validate the integrity of the timestamp and ensure that the validation environment is correctly configured.
These simple precautions increase security and guarantee the legal validity of digital documents.
Benefits of digital signature for companies
The adoption of digital signatures brings several benefits to companies, which go beyond document security.
Among the main advantages are:
- cost reduction: elimination of expenses with paper, printing, physical storage and transportation of documents;
- agility in processes: signatures can be completed in minutes, regardless of the location of those involved;
- legal certainty: digital signatures with an ICP-Brasil certificate are presumed to be authentic, reducing the risk of litigation;
- sustainability process: reduction of paper and energy consumption, contributing to ESG practices;
- ease of management: centralization of documents on secure digital platforms, with traceability of all signatures.
Furthermore, digital signatures improve the experience of customers and partners, making the company more modern, agile and aligned with digital transformation.
If you don't have a solution like this yet, how about finding out how our platform can help your company? Click here to request the contact of one of our specialists!
Getúlio Santos is the CEO of ZapSign, a lawyer, technology enthusiast, and entrepreneur.
1 comments on “How to validate a digital signature: learn now”
I don't think the title of your article matches the content lol. Just kidding, mainly because I had some doubts after reading the article.