Summary: A digitally signed signature must be complete. Therefore, you need to know how to validate a digital signature. In this article, we show you a tutorial on how to do this verification so that you can be sure that your documents are valid.When a document is physically signed, it is easy to prove its veracity. After all, as a rule, the two parties meet in the same place and sign together. But, how to validate a digital signature?
Signatures made digitally have the advantage of being made anywhere that has a computer or cell phone connected to the internet. But how do you know if it was the real signatory who signed it? Is there a way to know if the signature is valid?
To answer these and other questions, we have prepared this article in which we also present a step-by-step guide on how to check the validity of a digital signature. Come on?
What is digital signature?
The digital signature is intended to prove the identity of the people who sign the contract. For this, it makes use of cryptographic resources, digital certificate and virtual key.
O digital certificate, by the way, is issued by certifying authorities that follow the standards of the Brazilian Public Key Infrastructure (ICP-Brasil). The most popular types of digital certificates are A1 and A3.
Are digital signatures and electronic signatures the same thing?
This doubt is frequent, so we always try to explain it. They are not the same thing, although the digital signature is a type of electronic signature.
After all, electronic signature covers other types of electronic identification such as login and password authentication, biometrics, facial recognition and tokens.
How does digital signature work?
Digital signatures follow a protocol called PKI (Public Key Infrastructure) and make providers generate keys that can be private or public.
That way, when a person digitally signs a document, the signature is securely created from the key.
In addition, the algorithm also creates the hash, that is, a set of data corresponding to the signed file and which encrypts it with day and time.
Therefore, signatures cannot be forged, as only the signer is able to decrypt the key on the platform, making his signature valid.
Why is it important to validate the digital signature?
There are several ways to make a digital signature, even free of charge through Word. But the platforms dedicated to this type of firm have ways to validate them and this is very important.
Firstly because of security, as online documents involve data regarding your company, employees, employees and customers. Therefore, your subscriptions must be done in a secure environment.
Another point to be considered is the integrity of the signatories. After all, most of the time, subscribers are not present in the same physical environment. Therefore, there is a need for your identity to be validated and complete.
Finally, the verification of digital signatures complies with the rules established by ICP-Brasil, guaranteeing its validity.
What points should be considered when validating a digital signature?
To carry out the validation, it is necessary to take into account the points presented below.
cryptographic key
Every digital signature has two cryptographic keys with different purposes: while one decrypts the document and is also read by the recipient, the other makes it secure.
Therefore, to know if the signature of a document is complete, it is enough to make the comparison between the two cryptographic keys.
Verification process
To know if the signature of a document is really complete, it is necessary to go through a verification process from a signature validator.
It uses the public key of the signer's digital certificate and reverses the cryptographic process. When the summaries match, it means the signature has integrity. If this does not occur, it means that the signature is invalid.
verification code
This code is present in all documents with digital signatures and verifiers try to verify that files with this type of signature comply with the standards of the ICP-Brazil.
Later, we will show you how to use these validators to know if a document signed by digital means is healthy.
Criteria definition
Some criteria must be seen when signing digital documents, which includes the subscriber's name, verification code, timestamp, and hash (or cryptographic digest).
The verification of the digital signature is composed of these criteria and also considers its compliance, digital certificate, temporality and certification chain.
Time stamp
The signature date and time confirmation is what determines your timestamp. Therefore, it is essential to prevent fraud.
After all, date and time are data that can be manipulated, as it is enough to change the settings of the device used to sign the document, be it a computer or smartphone.
However, the time stamp guarantees the exact day and time when the file was digitally signed, which prevents any kind of dispute about it.
Use of a platform specialized in digital signatures
All the points raised above do not pass through your care, but a platform focused on the digital signature of documents.
They allow firms to do so safely and with integrity, in addition to contributing to the document management since they are all stored in the cloud, which facilitates the collection of signatures (which can be done anywhere in the world) and eliminates the need for physical space to store them if they were physical.
⚠️ Also check out these related articles ????
➡️ Learn how to sign with a digital certificate
➡️ Understand what a digital signature verifier is for
➡️ What is a digital contract and how to adopt one for your company
How to validate signature digitally?
A ZapSign is a digital and electronic document signature platform. Its structure has a authenticity checker which guarantees transparency, immutability and irrevocability of signatures made. Although, you can also validate them in ITI and Adobe Reader.
Below is the step-by-step guide on how to validate a document in these two ways.
How to validate digital signature in ITI
The ITI (National Institute of Information Technology) is the federal agency linked to the Civil House of the Presidency of the Republic responsible for maintaining the ICP-Brasil.
Its compliance checker is a simple way to validate that a document signed on ZapSign has not been altered, so that it has not lost its validity. Let's see how to do this.
1) Go to the official verifier page and click on “select subscription”.
2) Select the PDF file that you downloaded from the ZapSign platform after collecting all signatures and click “check compliance”.
3) The result will show the result, that is, if the file is valid or not according to the MP 2.200-2/2001.
How to validate digital signature in Adobe Reader
By default, Adobe Reader does not recognize signatures made by A1 digital certificates issued by ICP-Brasil. This makes it possible for it to report that the ZapSign signature is invalid or unknown.
To solve this problem, it is necessary to import the certificate chain from the Certifying Authority SERPRORFBv5 (Federal Service of Data Processing of the Federal Revenue of Brazil) and from the Certifying Authority Certisign Multiple, in addition to defining it as one of the trusted sources of the software.
It is worth remembering that all subscriptions made on the ZapSign platform are complete. The step-by-step we will teach you below to check your validation in Adobe Reader is just a reinforcement.
1) If the document was created until 04/12/2020, you must download the certificate chain from the SERPRORFBv5 Certifying Authority on this link.
On the other hand, if the document was issued after 05/12/2020, it is necessary to download the certificate chain from the Certisign Multiple G7 Certification Authority by clicking here.
2) Then open Adobe Reader and import the certificate. Click "Edit", then "Preferences". Under “Signatures”, go to the “Trusted and Identity Certificates” section and click on “More”.
In the menu located on the left, click on “Trusted certificates” and then on “Import”.
Within “Contacts”, click on “Browse” to select the file you downloaded as explained above (whose download link for documents generated until 04/12/2020 and after 05/12/2020 are different).
In “Contacts”, click on “Certificate Authority SERPRORFBv5” and then on “Certificates”. An item will appear with the name “Certification Authority SERPRORFBv5”. Click on it.
After clicking “Trust”, the screen below will appear in which you must enable the option “Use this certificate as a trusted root”. After that, click “OK”.
Then click “Import” and “OK”. Close all windows, restart Adobe Reader and open a signed document in ZapSign.
Now your Adobe Reader is ready and configured to validate documents with a digital signature. The confirmation screen of this validation will be like the one in the print below.
By following either of these two tutorials, you will be able to validate the digital signature of your documents that were signed by ZapSign.
If you still don't have a digital signature solution, how about knowing how our platform can help your company? Click here to request the contact of one of our specialists!
