Digital signatures play a central role in software security, especially when operating a computer system. This article explains what a digital signature is and how you can check that a digital signature is trustworthy.
What is a digital signature?
A digital signature is used to authenticate (authenticate: The process of verifying that people and products are who and what they claim to be. For example, confirming the source and integrity of a software publisher’s code by verifying the digital signature used to sign the code.) digital information — such as documents, e-mail messages, and macros — by using computer cryptography.
Non-repudiation: The digital signature helps to prove to all parties the origin of the signed content. “Repudiation” refers to the act of a signer’s denying any association with the signed content.
To make these assurances, the content must be digitally signed by the content creator, using a signature that satisfies the following criteria:
The digital signature is valid (valid: Refers to the status of a certificate checked against a certificate authority’s database and found to be legitimate, current, and not expired or revoked. Documents signed by a valid certificate and not altered since signing are considered valid.).
The certificate (certificate: A digital means of proving identity and authenticity. Certificates are issued by a certification authority, and like a driver’s license, can expire or be revoked.) associated with the digital signature is current (not expired).
The signing person or organization, known as the publisher, is trusted (trusted publisher: The developer of a macro that is trusted by you on your computer. The trusted publisher is identified by the certificate that they used to digitally sign the macro. Also known as a trusted source.).
The certificate associated with the digital signature is issued to the signing publisher by a reputable certificate authority (CA) (certificate authority (CA): A commercial organization that issues digital certificates, keeps track of who is assigned to a certificate, signs certificates to verify their validity, and tracks which certificates are revoked or expired.).
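The four criteria above can be checked one by one on a Windows computer. The following is an added example, not code from the original article: it assumes the content is an Authenticode-signed file (a script or executable) and treats "reputable certificate authority" as "the chain builds to a root this computer trusts, with no revoked certificate". Test-SignatureCriteria is a hypothetical helper name.

```powershell
# Added example. Test-SignatureCriteria is a hypothetical helper name, not a built-in cmdlet.
function Test-SignatureCriteria {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate
    if ($null -eq $cert) {
        # Unsigned file: there is no signature to evaluate.
        return [pscustomobject]@{ Path = $Path; Status = $sig.Status; Trustworthy = $false }
    }

    # 1. The signature is valid: the file hash matches and Windows accepts the signer.
    $valid = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid

    # 2. The certificate is current: today falls inside its validity period.
    $now     = Get-Date
    $current = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)

    # 3. The publisher is trusted: its certificate is in a Trusted Publishers store.
    $stores  = 'Cert:\CurrentUser\TrustedPublisher', 'Cert:\LocalMachine\TrustedPublisher'
    $trusted = @(Get-ChildItem -Path $stores |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }).Count -gt 0

    # 4. The certificate was issued by a CA this computer trusts (assumption: used here
    #    as the stand-in for "reputable"), and revocation is checked online.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chainOk = $chain.Build($cert)
    $root = if ($chain.ChainElements.Count -gt 0) {
        $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
    }

    [pscustomobject]@{
        Path             = $Path
        Status           = $sig.Status
        Publisher        = $cert.Subject
        NotAfter         = $cert.NotAfter
        SignatureValid   = $valid
        CertCurrent      = $current
        TrustedPublisher = $trusted
        ChainTrusted     = $chainOk
        ChainProblems    = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        RootCA           = $root
        Trustworthy      = $valid -and $current -and $trusted -and $chainOk
    }
}

# Usage (the path is a placeholder): Test-SignatureCriteria -Path .\signed-script.ps1
```

The criteria are reported separately because they can disagree: a signature that carries a trusted timestamp can still show a Status of Valid after the signing certificate has expired, in which case SignatureValid is true while CertCurrent is false.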