The technology behind digital signatures is called PKI, or Public Key Infrastructure. For industries that rely on digital signature certificates for legal documents to go paperless, there has to be a secure way to protect that digital signature for the end user as well as the business.
PKI uses asymmetric key-pair encryption: data encrypted with one key in the pair can be decrypted only with the other key in the pair. A PKI key pair consists of a public key and a private key. The public key may be shared freely, as it does not need to be kept confidential. The private key, on the other hand, must be kept secret. The owner of the key pair must guard the private key closely, as sender authenticity and non-repudiation are based on the signer having sole access to it. A Certification Authority, which confirms and verifies the identity of an individual before issuing a certificate, certifies the key pair. This forms the ‘Digital Identity’ for that individual.
The certificate issued is called the ‘Digital Signature Certificate’. These key pairs have a few important characteristics. First, although the keys are mathematically related to each other, it is computationally infeasible to calculate one key from the other. The private key therefore cannot be compromised through knowledge of the associated public key. Second, each key in the key pair performs the inverse function of the other: what one key does, only the other can undo. With a Digital Signature Certificate, the private key is used for signing and decrypting a message or a document, while the public key is used to verify or encrypt.
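
The signing and verification roles described above, as an added example in Go that is not part of the original page. It assumes RSA-2048 with PSS padding and SHA-256, since the page names no algorithm; the function names and the sample document are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign hashes the document and signs the digest with the private key,
// which only the signer holds.
func Sign(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify needs only the public key. It returns true when the signature was
// made by the matching private key over exactly these document bytes.
func Verify(pub *rsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Demo signs a constructed sample document and runs three verifications.
func Demo() (genuine, tampered, wrongKey bool, err error) {
	signer, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048) // unrelated key pair
	if err != nil {
		return
	}
	doc := []byte("Constructed sample: contract text, amount 100")
	sig, err := Sign(signer, doc)
	if err != nil {
		return
	}
	genuine = Verify(&signer.PublicKey, doc, sig)
	altered := []byte("Constructed sample: contract text, amount 900")
	tampered = Verify(&signer.PublicKey, altered, sig)
	wrongKey = Verify(&other.PublicKey, doc, sig)
	return
}

func main() {
	fmt.Println(Demo()) // true false false <nil>
}
```

The two failing checks correspond to the properties the text relies on: a changed document no longer matches the signature, and a signature does not verify under any public key other than the signer's.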