Choose language:
» Personal Loan No Credit Check, Online Economics » Economical informatics » Topics begins with E » Electronic signature
The electronic signature can be regarded as the electronic equivalent to the personal signature. The German signature law defines the term as follows.
The term is very far calm from the law. Also over Internet closed contract contains an electronic signature, if geeigente procedures, about a password inquiry, occupy the conclusion of a contract sufficiently by a certain person.
The term electronic signature is generic term for different forms of the electronic signature. Often also the terms electronic signature or digital signature are used. The electronic signature is however usually no writing, for example a digitized personal signature. A digitized handwriting possesses only small conclusive force for itself alone, since it arbitrarily often copied and documents at will changed can be attached on. The copies are not to be differentiated thereby from the original. Nevertheless also a digitized writing could be regarded as electronic signature in the sense signature law (SigG). The acknowledgment as proof is however very questionable.
The terms digital or electronic signature not exclusively refer to procedures, which use certificates with publication IC key infrastructure (PKI). After the German signature law of 2001, revised in the meantime, only advanced and qualified electronic signatures need such certificates. The terms digital and electronic signature are to a large extent synonymous. In the English-language technical literature the term is used "digitally Signature "(see also dss). In the signature law only the term "electronic signature" is used. In the European Union arranging LINE and to the signature law the terms simple and advanced electronic signature were introduced. Over the legal consequences of a "simple" or "advanced" electronic signature in contrast to the qualified electronic signature however neither in the signature law nor other laws of the European Union, the federation or the countries somewhat one states. An application of the qualified electronic signature is in "§ 126a BGB, according to which legal writing can be replaced under certain conditions by the qualified electronic signature. In accordance with "§ 127 BGB the regulation is accordingly applicable with agreed upon form.
For the examination of a qualified electronic signature a publicly available signature test code (Public key) is used. It is not to be regarded to this test code however whether he possibly comes from an not-authorized person. An not-authorized person could provide a signature key to the production of a signature and a belonging to test code e.g. with a software such as PGP and provide and as qualified electronic signatures of another person spend afterwards signatures with this software under wrong name.
Therefore a proof of the authenticity of the test code is needed. For this purpose the SigG for qualified electronic signatures plans a qualified electronic certificate, which contains a qualified electronic signature of the exhibitor.
This means for qualified certificates with freiwilliger offerer accreditation ("§15 SigG): Certification service tenderers as for example D-TRUST or the DATEV etc. receive a certificate from the operator of the highest German roots. This operator is the federal net agency. It is also at the same time supervision place for all offerers of certificates, soft and hardware in the market. The respective certification service tenderer gives to sign now for his part a certificate to a person from thereby wants. Thus now everyone can test each signature, since all certificate chains are to due to the federal net agency.
For the production to the signature used the signature key, colloquially also as private keys designation, may arrive naturally not into the hands of an not-authorized person.
For the protection of the private key there are two possibilities in the Wesendlichen: On the one hand (if possible long) a password for a soft PSE (e.g. PKCS#12) or a Smartcard with appropriate safeguard possibilities. Since the password cannot withstand a Brute in such a way specified Force attack for an unlimited period, here the largest weakness of soft PSEs lies.
The problem lies for example also in the fact that a passing on with intention to deceive conceivablly and with pure software solutions is to be prevented hardly effectively. With PGP a signature key owner can send its signature key away, e.g. by E-Mail, to different accomplices, who can provide then falsifications of its electronic signature. This can take place for the purpose that the signature key owner is a signature with the argument, its key compromised, to deny can.
Therefore is for a higher measure of security, as demanded by the SigG, which use of a safe signature production unit smart card necessarily, which prevents the selection of the key also for the owner reliably.
A certificate owner can require the revocation of the certificate depending upon offerer and product, if the signature key is misplaced, if reference points for a compromising of the signature keys exist or if the circumstances certified in the certificate changed. Thereby however security should not be justified.
A falsification of the signature can be excluded only reliably, if suitable software is used for the production and for the examination of the signature. The large difficulty is that it can be recognized hardly whether this condition is actually fulfilled. Same mathematical operations, which know on a smart card, which safe signature production unit, are implemented, also by means of a commercial computer and a software similarly PGP are implemented. However it cannot therefore be regarded to the signature whether she was actually provided with safe technical components. The signature law defines therefore in "§17 also still requirements to products for qualified electronic signatures.
A software is necessary generally for the examination of the signature. The software on a PC can contain practically always also mark commodity so mentioned. An actually reliable examination whether the software actually corresponds to the specifications and was not manipulated is very Here safety mechanisms of the operating system and/or signatures at the software are normally used.
The electronic signature is called often also an electronic seal. This designation is very inaccurate, because it does not vouch for the soundness of document contents in the same way like a seal in the material world, where a breaking of seals is connected with serious criminal consequences. In order to prevent that unauthorized persons can see not determined data for it it is usually used, the coding.
The electronic signature is based on mathematical procedures or algorithms and possibly special hardware like a smart card. From the data which can be marked and the signature key by a clear calculation specification the signature is computed. Each message must lead also at security of bordering probability to another signature, the signature key may be only uniquely assigned and the signature must for each key another value result in. For the simplification of the procedure the signature is not computed directly from the message, but one computes from a Hashwert by means of a Hash function such as SHA-1. That is, over the data which can be marked the Hashwert is computed and coded afterwards with the private key.
The examination takes place in reverse order:
We found here 32 articles.
Index | Privacy | Terms Of Use | Sitemap | Feedback
Printer Friendly Format
Bookmark this page
Back to "Economical informatics"
Back to top