1. SSL Europa - 8 chemin des escargots - 18200 Orval - France T: +33 (0)9 88 99 54 09
White paper
Electronic signature today and
tomorrow
Date : Friday, 28th June 2013
Edition : V01
2. 2
Summary
1. New challenges................................................................................................................................ 3
2. Encoding messages.......................................................................................................................... 3
3. Asymmetric cryptography (for experts).......................................................................................... 3
4. Electronic signature (for experts).................................................................................................... 4
5. What’s about the law ? ................................................................................................................... 4
6. Example of implementation of the electronic signature ................................................................ 4
7. Examples of use............................................................................................................................... 7
Signing emails...................................................................................................................................... 7
Signing of contracts............................................................................................................................. 7
Signature of business proposals sent to clients .................................................................................. 7
Multiples signing contracts on a website............................................................................................ 7
3. 3
1. New challenges
All the rules of trust are disrupted by the digital world. Through the History we established trusting
relationships, signed contracts, affixed seals, used trust third party such as notaries, witnesses,
deliver official documents, implemented issuance process, a face-to-face, used confidential
documents sealed, etc. New rules were established in the digital world. Major risks remain. Major
opportunities also appear.
2. Encoding messages
Since ancient times, men have encoded messages so that they cannot be intercepted. Literature and
cinema are filled with military, espionage or love stories about encrypted messages. The most
famous code is the Cesar code. The principle known cryptographic (from the Greek: Crypto, hidden
and Graphos, drawing) is to apply a combination to a text in order to no one can read it, then to the
person who received this text to apply the “reverse” combination in order to decrypt it. Cesar used
this technic to communicate with the different parts of his army on the battlefield.
3. Asymmetric cryptography (for experts)
In 1975, Wilfried Diffie and Martin Hellman developed a mathematical algorithm that can be
different to encrypt and decrypt a document. There was a key allowing to encrypt and a different
one, allowing to decrypt the document. Someway, a key allows to close a locked safe and another
one to open it. This technic was named asymmetric cryptography, as opposed to the symmetric
cryptography.
With symmetric cryptography, it was possible to deduct the decryption process thanks to the
encryption method. This is not the case with the asymmetric cryptography. This discovery had a
significant impact.
The symmetric cryptography included major problems. It was necessary to give the encryption
combination with the person who had to make the decryption. It was a different key to communicate
with each party confidentially. It required an important list of keys. This technic was not efficient in
the digital world. The asymmetric cryptography was the new solution because each person has his
private key that nobody else knows and a public key that everybody knows and that can be freely
exchanged.
If we encrypt a message with the public key, only the person with the corresponding private key can
decrypt the message. It is no longer necessary for each person to keep confidential a set of
symmetric keys for each partner with whom we want to communicate with an encrypted way.
4. 4
4. Electronic signature (for experts)
But this technology also enabled a new application! If a person sends me an encrypted document
with his private key and that his corresponding public key succeed to decrypt, it means that the
message comes from the person who have encrypted the document. Indeed, only the public key
corresponding to the private key allows to decrypt the document. Electronic signature was born with
its many applications and uses.
5. What’s about the law?
The law n°2000-230 of 13rd March 2000 adapting the law of evidence in information technology and
on the electronic signature says:
“Art. 1316. – The documentary evidence or written evidence, is the result of a succession of letters,
characters, numbers or any other signs or symbols with an intelligible meaning, whatever their
support and transmission modalities.”
“Art. 1316-1. - The writing in electronic form is admissible as evidence as well as the written word on
paper, provided that can be duly identified the person from whom it emanates and it is established
and maintained under conditions that ensure the integrity.”
“Art. 1316-2. - - Where the law does not set any other principles, and in the absence of valid
agreement between the parties, the judge rules conflicts documentary evidence as determined by all
means the most likely way, regardless of the support.”
6. Example of implementation of the electronic signature
You can order with a Trusted Third Party organization, a signing cryptographic USB key. The Trusted
Third Party is an organization which is authorized by the government to deliver electronic certificates
after having realized an Audit. The Trusted Third Party has also developed agreements with software
editors such as Microsoft or Adobe, so that their certificates are recognized trust.
The Trusted Third Party will check your identity in asking, asking you for an ID card, will find you in
the directory, then call you in order to check it is really you. Then, they will give you this
cryptographic USB key and a secret PIN.
For signing your documents and emails, you insert your cryptographic key in your computer, sign
from the menu of your document or emails editor, must enter your PIN and your documents will be
signed. You can choose to make the signature apparent via a picture or not. By clicking on this picture
you can see the information on the signature. Adobe Acrobat is an example of tool to sign
documents. Adobe Acrobat also allows to add signature fields that can be signed via Adobe Reader
which is a free software widely available.
Note 1: Attention to what is commonly accepted. A PDF document can be editable with an adapted
text editor such as Adobe Acrobat. Only a PDF document electronically signed cannot be edited
without losing the signature.
5. 5
Note 2: The screenshot of a handwritten signature added to an electronic document has no legal
value.
PDF Signature
7. 7
7. Examples of use
Signing emails
It is easy to create an email appearing to be from another person. For example, a research office uses
cryptographic USB keys to sign and encrypt its documents and emails. So, the source is guaranteed.
Neither the email nor the documents also joint could not be altered. Nobody was able to intercept
the information exchanged. The risk is reduced to 99,99%.
Signing of contracts
A call center works with offshore companies and uses the electronic signature in order to sign
contracts. The contracts signed by both parties cannot be changed anymore. 15 days are gained on
each exchange of contract.
Signature of business proposals sent to clients
A bank send business proposals for new services to all its customers. These documents are
electronically signed with an automatic signature tool. They can be read with Acrobat Reader which
is a free software. The customers are reassured about the provenance of the document.
20% increase in sales proposals considered.
Multiples signing contracts on a website
An insurance company offers new contracts. The clients can sign the contracts online. A SMS code is
sent to them. The IP address, the phone number and the date of the server timestamp at the
moment of the electronic signature on the fly on the web site are archived. This contract has a
probative value. Clients feel engaged. The conversion rate of prospect accessing the website in
increased by 17%.
Thereby, the use of the electronic signature corresponds to a real need in the digital world. There
is no doubt that this technology will become more widespread and is destined for a great future.