To create a digital signature, the contents of the documents being signed are used to create a very long number called a hash code. The hash code is unique for the document, similar to a fingerprint. The hash code is encrypted using the signer’s private key. The resulting encrypted hash is a digital signature.
Rules governing public key infrastructure (PKI) require that the owners of private keys maintain the secrecy of their private keys so no one else can reproduce their digital signature. According to these rules, the key owner is responsible for any use of their private key.
At SIGNiX, we manage the certificates and private keys so that you and your customers don’t have to. The private keys are stored in an encrypted form within our highly secure system.
When a signer enters their PIN number into our system, we confirm their identity and authorize them to use their private key to sign documents.
The signers are responsible for any digital signatures created in our system. If a user suspects that their signing credentials have been compromised, they should immediately log in to their account (using their personalized link) and change their signing credentials or notify SIGNiX immediately.
The digital certificate of the signer usually accompanies digital signatures. The digital certificate is a public version of the signing credentials, which is used to verify signatures as well as verify the authenticity of the credentials themselves.