In the midst of dematerialization there is a lot of talk about digital signature, a tool whose importance has doubled with the introduction of the mandatory electronic invoice. But what is the digital signature, how does it work, and how can you get your own?
In this article we will give the answers to these and other questions related to this very topical issue.To understand what the digital signature is, it is necessary, first of all, to emphasize that this is not just any electronic signature: the two terms, therefore, are not synonyms.
The electronic signature, in fact, does not provide for any system to identify the recipient, while on the contrary the digital signature allows to associate in a certain way a binary number to a document and a signer, thus conferring legal validity to electronic documents.
More specifically, taking up the definition of the Digital Administration Code, “the affixing of digital signature integrates and replaces the affixing of seals, punches, stamps, marks and trademarks of any kind for any purpose required by current legislation”. It is therefore a precise type of electronic signature, able to guarantee full authenticity and validity to contracts, administrative documents and so on.
Once we understand what it is, it remains to understand how the digital signature works.The functioning of the digital signature is quite complex, and requires the simultaneous presence of several elements: this is precisely where the reliability of this tool lies.
Everything is based on the technique of double-key cryptography, and therefore of a public key and a private key, to which various mathematical functions are applied, starting from the hash function. In this way you can be sure of guaranteeing an electronic signature that is absolutely authentic, complete and not unrecognizable by the signatory.
We talked about two separate keys: these are two binary numbers, made up of an even number of bits, equal to or greater than 2048 bits. Both keys are assigned by the Agency for Digital Italy. The private key is installed in a microchip (in a smart card or USB key), and as such can only be used after entering an access PIN, a bit like tokens for managing accounts currents online.
To put your digital signature on an IT document you need to use a special software, which allows you to calculate the – unique – fingerprint of the document itself, through the aforementioned hash function: in this way, in addition to being associated in indissoluble way to the signatory, the signature will also be linked to the specific document.
After sending the fingerprint to the chip that contains the private binary key, the software starts the signature device for the fingerprint encryption, at the end of which the digital signature is applied.
The latter, to be verified by the recipient of the document, must in turn be analyzed by a specific software, which will recalculate the fingerprint and decrypt the public key, so as to monitor the validity of the document.