Why Digital Signature is Important and How to Create It

CoSign Digital Signatures for Word 2007

How to Create a Digital Signature in Adobe Acrobat 9.0 Professional

How to add Web 2.0 Email Signature

Web 2.0 Internet world

There are many Web 2.0 sites in today Internet space. You likely use Web 2.0 sites like Twitter, Facebook, YouTube, Digg, Del.icio.us etc.
Now you can link to all those social profiles from your email signature.

MyBlogLog signature feature

MyBlogLog has provided their members with a new feature which allows them to easily create an email signature. They can also use in Microsoft Outlook and Outlook Express.

If you already have a Mybloglog account, you can enable it in following simple steps below.

1. Log in your account
   
2. Go to Profile Page
3. Click Edit
4. Go to Email Signature Tab
   
5. Enter your information
6. Click Get Code
7. You'll be provided with the code needed to display your new signature and instructions on how to add it to e-mail programs.

You may be also interested How to Insert Email Signature in Gmail.

Processes of Using XML Digital Signature

Digital signatures using involves two processes, that are performed by the signer and the receiver of the digital signature.
To sign any digital asset, the signer first delimits precisely the borders of what is to be signed.
For the delimited XML Digital Signature information for signing term the "message" is used in current article.

For Digital signature or the XML Digital Signature creation a hash value and a given private key that are both unique to the signed message are used. To provide security for the hash value, probability that the same XML Digital Signature could be generated by the combination of any other message or private key must be very slight.

The XML Digital Signature verification is the process of

1. verifying the digital signature and signature software by reference to the original message and a given public key,
2. defining whether the digital signature was generated for that namely message using the private key that matches to the referenced public key.

Then the signer's software calculates a hash result value, unique to the message. Then the signer's software transforms the hash value into a digital signature using the signer's private key. As a result, digital signature is unique to both the message and the private key, that were used to generate it.
Usually, a digital signature is attached to its message and saved or transmitted with the message. It might also be sent or saved as a separate data element. A digital signature is unique to its message, that's why it is useless if it's disassociated from its message.

XML Digital Signature

XML Digital Signature Technology

XML digital signature technology is a combined effort of the W3C (World Wide Web Consortium) and the IETF (Internet Engineering Task Force). The XML Signature standard assists signing parts of XML documents and providing end-to-end data integrity across multiple systems.
XML digital signature proves the nonrepudiation and message integrity of transmitted XML data across Web services.

XML Signature is the foundation for XKMS, SAML, WS-Security, and other XML-related technologies that authenticate using digital signature.

XML digital signatures are signatures that are available in the XML format and ensure authentication and originality of the parent document. A main feature of XML signature is the ability to sign a particular portion of the XML document rather than the whole document.

An XML Signature can sign more than one type of resource, such as a particular portion of an XML document, binary-encoded data (JPG), and character-encoded data (HTML).

XML Digital Signatures Types

There are three types of XML digital signatures:

• Enveloped Signatures: The generated signature is implanted within the signed XML element itself.

• Enveloping Signatures: The generated XML digital signature enfolds the signed XML elements, which it authenticates.

• Detached Signatures: The signed XML document and the signature are detached separately.

How to Insert Email Signature in Gmail

E-Signature in Gmail

By default attaching html email signatures are disabled in Gmail. Still if you want to insert e-signature, there is a way how to do it. You'll need to install Greasemonkey. It is a Firefox extension that allows you to modify looking and behaviour of your favourite pages.
If you use greasemonkey with Firefox and the appropriate scripts, you can modify the functionality of any web page and you can insert html email signature to Gmail.

If you power up Firefox with Greasemonkey and then add the appropriate scripts, you can change the functionality of web pages.

Features of the Gmail E-Signature

After you've enabled Greasemonkey, you should get the Gmail Signature Float script. It will change gmail in 3 ways:

• Gmail places e-signature at the bottom of replied or forwarded messages by default. This will fix the issue. E-signature in Gmail will be moved to the top of the quoted message rather than the bottom.
• It will remove the two dashes that Gmail places above e-signature automatically.
  
• It provides the ability of adding HTML to signatures, and the ability of leaving turn off and on floating of e-signature.

Watch this video to setup Gmail electronic signature

Electronic Signature Software. E-Lock DeskSeal Desktop.

I'd like to introduce you the series of reviews of digital signatures software.
It would cover a wide range of specialized software.
The first tool I'm going to write about is E-Lock DeskSeal Desktop.

E-Lock DeskSeal Desktop

E-Lock DeskSeal Desktop is a wizard based Digital signing software. It enables users to insert digital signatures into PDF documents at predefined location without having the Adobe Acrobat Professional installed on the user's computer. The verification of the signature in PDF happens through Adobe reader just by right-clicking on the signature block. Handwritten signature or logo can also be added to the signature using this software.
Read more about E-Lock Digital Signatures.

ESIGN Signature

ESIGN

ESIGN provides that, despite any statute, regulation, or other rule of law governing any transaction in or affecting interstate or foreign commerce, a signature or other record may not be denied legal effect merely because an electronic signature or record was used in its formation. Most provisions of ESIGN took effect on October1, 2000. On March1, 2001, portions of the law governing record retention will become effective with respect to records required by a federal or state statute, regulation, or other rule of law administered or promulgated by a state regulatory agency, although state or federal agencies may extend that date to June 1, 2000.

ESIGN Signatures

Under ESIGN, the term "electronic signature" means an electronic sound, symbol or process attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record. Again, no particular technology is required by ESIGN for electronic signatures. Instead, the law allows the parties to select the method of authentication that best suits their needs and security concerns. Both HIPAA and UETA provide more guidance on authentication of electronic signatures than does ESIGN.

Infopath Digital Signature

Briefly about digital signatures

You can enable digital signatures when designing a form so that users can add digital signature when filling it out. This digital signature proves that the form originated from the signer and has not been changed. Also the signature can include some comments from the author. After signing, the data in the form cannot be changed without cancellation digital signature.

When adding a digital signature, the user must use a digital certificate. Digital certificate is an attachment for a file, macro project, or e-mail message that assures authenticity, provides secure encryption, or supplies a verifiable signature. Digital certificates, which you can get through commercial certification authorities or from your internal security administrator, establish the authenticity of the signature.

About InfoPath digital signatures

In addition to enabling digital signatures so that users can sign your form, you can add a digital signature to your form template which authenticates you as the author of the form template in the same way that a digital signature on a form authenticates the user who filled out the form. Form template in InfoPath is a file or set of files that defines the data structure, appearance, and behavior of a form. For example, form templates that have been distributed to users in an e-mail message can be updated more effectively if they have been supplied with a digital signature.
When you put a digital signature in a form, InfoPath uses only those certificates that have a private key and a Digital Signature or Both value for the Key Usage attribute. Also the purpose of the certificate must be set as Client Authentication or Code Signing. If you are using a certificate to add digital signature to a form template, the certificate must be set as Code Signing. These limitations are applied because InfoPath uses XML Signatures to digitally sign forms.

• Because a digital certificate you create is not issued by a formal certification authority, forms signed using a certificate you created are referred to as self-signed forms. These certificates are considered unauthenticated and will generate a security warning if the form's security level is set to Domain. InfoPath trusts self-signed certificates only on computers that have access to the private key for that certificate. In most cases, this means that InfoPath trusts self-signed certificates only on the computer that created the certificate, unless the private key is shared with other computers.

• The information in this topic may not apply if you are working with a form designed using Microsoft Office InfoPath 2003 without the service pack installed.

Legal Digital Signatures

Digital signatures (unlike electronic signatures) are more often used as a method of showing affirmative purpose. The troubles with digital signatures do not ensue from agreement to terms, but rather from the security and confidentiality of the digital signatures. Virtually, digital signatures are encrypted electronic signatures that a third party (certification authorities) authenticates as original. Unlike the more general electronic signature, a digital signature must be unique and rigorously under the sole custody of the party using it. Unlike electronic signatures, where a typed name, a company name or even a logo can all bind the party to be charged by its mere presence, digital signatures offer the agreeing party greater levels of security and efficiency. The general types of signatures will not be enforceable as a digital signature. Because of the authentication requirements, digital signature should be recommended that clients rely on the use of digital signatures for any high-profile or high liability electronic contract.

Digital signature use will only increase in use in the future, as parties to all transactions will seek a heightened level of information security without the fear of accidentally agreeing to unfavorable terms. While there is an inherent fear of paperless transactions, especially with more traditional attorneys and companies, the use of digital signatures makes commerce faster, more secure and more effective and should be recommended to clients when appropriate. The use of digital signatures is even more effective when dealing in international trade, making it no longer necessary to fly overseas in order to demonstrate intent to sign a contract.

While understanding and diligent advising clients to the use of different forms of signatures for electronic commerce is significant, it is also very important to understand that we are still in the early years of a technological revolution, and that part of being an effective advocate is keeping up to date on advancements in the law. Electronic and digital signatures are only the beginning. Progress in technology will soon allow for the widespread use of biometric identification as a method of showing purpose of contract. Rules of contract law will continue to evolve with technology and while the application of contract principles and the Statute of Frauds will not substantially change, their interpretation and use surely will.

Read about Legal Electronic Signatures.

Legal Electronic and Digital Signatures

A copestone of United States contract law is the general application of the Statute of Frauds to contractual agreements. Emerging forms of electronic commerce and new types of contractual relationships have begun challenge the very idea of determining the four corners of a contract. Many difficulties regarding contractual relationships emerge with the rapid increase of electronic commerce, most notably determining what creates a valid signature. Traditionally, the Statute of Frauds is a collective term describing several statutory provisions that deny enforcement of certain forms of contracts unless they are reduced to writing and signed by the party to be charged. The question with this traditional idea of the Statute of Frauds is how it refers to electronic commerce in defining whether the party being charged with the contract has actually “signed” the contract for purposes of enforcement.

Different forms of legislation dealing with internet law have attempted to define and specify digital and electronic signatures for purposes of determining enforceability. Generally, there are two broad categories of signatures when dealing with electronic contracts.

1. Electronic Signatures (“E-Signatures”)
2. Digital Signatures

Digital Signature for Office 2007

Microsoft Office 2007 provides many improvements in security in comparison with its predecessors. And one of new functions is possibility of digital signature of documents. Signing a document, you confirm that you are the creator of document, and it will prove that a document wasn't changed since you created its creation.

You can create a digital signature for a document because of the same amount of reasons, on which you can affix your signature to a paper document. A digital signature is used for identification of digital documents creator (such as ordinary document, e-mail and macros) by cryptographic algorithms.
Digital signatures are based on digital certificates. Digital certificates are verifiers of identity issued by a trusted third party, called a certification authority (or CA). This works similarly to the use of standard identity documents in the non-electronic world. For example, a trusted third party such as a government entity or employer issues identity documents such as driver’s licenses, passports and employee ID cards on which others rely to verify that a person is whom he/she claims to be.

Digital certificates can be issued by certification authorities within an organization, such as a Windows® Server 2003 server running Windows Certificate Services, or a public certification authority such as VeriSign or Thawte.

Microsoft 2007 Office system documents can have invisible signatures or signatures lines added to them. When used together with other Microsoft 2007 Office system security technologies and security technologies included in the Microsoft Office Servers and Windows operating system, digital signatures provide another significant component of a strong defense in depth approach to security data stored in Microsoft 2007 Office system documents, workbooks and presentations.

PDF Digital Signatures

Introduction to PDF Digital Signatures

PDF digital signatures arises as a solution of great vitality to keep the electronic signing process in the digital sphere. The infrastructure for digital signatures exists in Acrobat, but vendors in this field have to do a lot before digital signatures in PDF become a momentous part of everyday reality. Some serious roll outs of digital signatures have taken place, for example in Belgium, but these were pretty lowly compared to the idea’s clear potential.
Almost all of paper-document workflows are rooted in filing offices and fax machines because paper is still the one document means that is certainly horizontal and still moves easily between organizations. Integrating digital signatures and electronic documents into these workflows without replacing the whole system doesn’t always attract. One of the most earnest barrier is the necessity (under the current implementation) of both sender and receiver being at least somewhat grasp to digital signatures in order to make the whole process work as aimed. Today’s digital signature technology is mainly effective in a vertically integrated environment.
Currently to put into PDF digital signature, one has to do more than just attach a signature image onto the electronic page. The good side is that the technology exists to make it all work sufficiently well. Once users create a Digital ID, design their signatures, know how to recognize a Signature field and understand what to do with it, they can sign PDF documents quickly, effectively and without paper.

Advantages of PDF Digital Signatures

PDF Digital signatures have a number of advantages over their inky ancestors:
1) A certified and signed PDF identifies itself as such when opened
2) Mouse-over a PDF signature to view its status
3) If changes have been made since signing, you’ll know
4) Acrobat provides information about the signature
5) If the document has changed, you’ll get a warning
6) Use any signature you like; includes graphics, text and information about your organization or location.

Important about PDF Digital Signatures

Adobe's digital signature solutions in Reader and Acrobat have something for everyone. Unfortunately, even the basics get complicated pretty quickly.
First, you can’t sign just any PDF. A signable PDF file must include a Digital Signature field, the device that offers the author greater control over the future use of the document. No special skill is required to make a PDF signable – just a copy of Adobe Acrobat Standard or Professional and a minimal understanding of form fields.
Note that the free Adobe Reader cannot sign a PDF unless the PDF has been “blessed” with extended usage rights (Reader Extensions). Without such rights, every “signer” must have Adobe Acrobat, or equivalent.
Apart from using the right software or a PDF with extended rights, signing a PDF requires a Digital ID. It’s not a familiar concept, even to users who consider themselves savvy to website logins, cookies, PIN numbers and other means of online identification. Digital IDs are issued by third parties, and may also be self-signed – that is, created without a third-party certificate authority. Adobe doesn’t recommend self-signed signatures, but offers precious little information as to the distinction, why one might care, or what exactly one should do to acquire a third-party ID.

Digital Signature Verification

Digital signature verification is the process of collation the digital signature by reference to the original message and a given public key, in that way determining whether the digital signature was created for that same message using the private key that corresponds to the referenced public key.
Verification of a digital signature is completed by calculating a new hash result of the original message by means of the same hash function used to create the digital signature. Then, using the public key and the new hash result, the verifier checks:
1) whether the digital signature was created using the corresponding private key;
2) whether the newly computed hash result matches the original hash result which was transformed into the digital signature during the signing process.
The verification software will confirm the digital signature as "verified" if:
1) the signer's private key was used to digitally sign the message, which is known to be the case if the signer's public key was used to verify the signature because the signer's public key will verify only a digital signature created with the signer's private key;
2) the message was unchanged, which is known to be the case if the hash result calculated by the verifier is identical to the hash result extracted from the digital signature during the verification process.

Electronic Signatures Higher Security Levels

Electronic Signatures Higher Security Levels

1. Usage of electronic signature pads in a "stand alone" application. This does not meet the test of a legal signature, especially because it does not bind the electronic signature to the document. Such signature can be removed simply by selection and pressing the delete button.
2. Use of digital signature software that encrypts the electronic signature, usage of Public/Private Key Infrastructure electronic signature technology. This safeguards electronic signatures and allows for verification of the signature with the use of the same software. The signature is captured using an electronic signature pads and stored in a file that can only be opened with a password. The signature generally meets all legal requirements and cannot be removed from the document.
3. By using digital certificates a signature also can be verified as “authentic”, similar to a notary public witnessing a paper signature. However, unlike a notary public witnessing a paper signature, these legal witnesses have not been established for the electronic world. These can be used within organizations to establish identities.
4. A higher form of security is to sign each document using digital signature pads. An electronic signature pad allows for a person to sign the document on screen. Similar to a paper signature, this allows for handwriting analysis to verify the authenticity of the signature.
5. The highest form of security is with the use of biometrics using a fingerprint or retina scan, which will unlock a person’s signature.

Signatures Security

Signatures Security

There are various levels of security of paper documents. Mostly applications enable signing document without anyone attesting this act. But higher level of security requires participating of witnesses. The definitive level of security is to have your signature witnessed by a notary public.
Moreover, in the electronic world there are different levels of security for electronic signatures. An electronic signature is an image, commonly in "tiff" format, with no security features. It is easy to copy that image and past it into another document. This is a perilous form of electronic signatures that some people have accepted. This can be considered as level 0 form of security.
The higher levels of security of electronic signatures are described in Electronic Signatures Higher Security Levels article.

Electronic Signatures Requirements

The whole area of electronic signatures makes confused most of organizations. People doubt that anything that looks like a signature on an electronic document is legal. Practically for using legal electronic signatures you must always sign documents by using appropriate software — the same requirement that is necessary for pen and paper signing.
Other requirements for both electronic and paper signing
1. Electronic signatures must be unique to the individual.
2. Electronic signatures must be verifiable as belonging to a person.
3. Electronic signatures must be under the sole control of the person signing (i.e., you cannot force someone to sign a document under duress).
4. Electronic signatures must be applied with intent.

Digital Signatures in Excel 2007 and Excel 2003

If you want to add a digital signature to your excel file, follow steps below.

Microsoft Office Excel 2007

Press the Microsoft Office Button > Prepare > Add a Digital Signature > OK.
Don't forget to save your Excel workbook in the Excel 2007 workbook format, before you add signatures.
If you get the warning message asking "Do you want to save the workbook as a Microsoft Office Excel Workbook?", click "Yes" and select the Excel Workbook (*.xlsx) format in the Save As dialog box.
When the workbook is saved, the dialog box "Get a Digital ID " is displayed. Choose the type of digital ID that you want to use, and then press "OK".
After you complete the before mentioned steps for the type of digital ID, the Excel workbook is signed.

Microsoft Office Excel 2003

Go to Tools menu > Options > Security tab > Digital Signatures > Add.
If you changed your Excel file and is didn't save it yet, or if you didn't save it in the Excel 2003 workbook format, the message "This workbook must be saved as a Microsoft Excel workbook before it can be digitally signed. Do you want to save the workbook?" appears.
You should save the file in the Microsoft Excel Workbook format to add the digital signature.
After your workbook is saved, the Select Certificate dialog box appears. Select the certificate to use, and click "OK".
Close the Digital Signatures dialog box (Click "OK").
You Excel workbook is signed.

E-Lock Digital Signatures

Digital Signature solutions by E-Lock are now used by the High Courts of India

E-Lock a leading provider of data security solutions has deployed multiple licenses of its Digital Signature product to the High Courts of India. The High Courts of India in a pursuit to shift to a paperless mode, selected the PKCS#7 compliant E-Lock product – DeskSeal Desktop.
The Indian IT Act 2000 provides legal recognition of electronic transactions and digital signatures. Section 5 of the Act gives legal recognition to digital signatures. At the moment, use of digital signatures is undertaken by sectors such as banking and financial services, online stock-trading portals and engineering organizations. The Government of India is stressing on e-governance as an effective delivery channel of all government services to citizens. As a result, several Government Organizations have undertaken the process of shifting their workflow to electronic mode.
E-Lock DeskSeal Desktop was offered to the High Courts through a Government agency. DeskSeal Desktop is a desktop-based digital signing utility that signs files of any format. As it is wizard-based, it enables even a novice user to digitally sign and verify files with ease. This product is PKCS#7 compliant, which enables users to abide by the regulations laid by e-signature laws worldwide.
“The deployment of our digital signature product at the High Courts talks about the initiative of Indian Government to go electronic. E-Lock has been providing its products & solutions to several other Government entities to fulfill this objective,” says Suniel Mande, VP Sales – E-Lock.

About E-Lock

E-Lock is leading brand of Digital Signature products and solutions. The E-Lock Digital Signatures are used across Government, Healthcare, Finance, Insurance and other sectors to secure and authenticate their electronic records and data. These products and solutions are compliant with various laws that affect the management of electronic information. E-Lock offers a wide range of digital signature products and solutions that can be classified as desktop based, web-based and server-based. The E-Lock products and solutions are simple to install and easy to use. Several organizations across the world use E-Lock solutions to go paperless and secure the data.

For more information about digital signatures, or to schedule an interview with www.elock.com please contact at info@elock.com