Signatures, digital signatures, digital signatures in Blockchain, digital signatures here, digital signatures there. Most of us have heard them at some point in time. But, What do they mean? How to use them? Where to use them? So many questions, yet so little understanding. This two-part blog post is all about only introducing these complex concepts and an insight into our product SignChain which we are building at Consenso Labs and how it leverages Blockchain for document signing and much more.
What exactly is Signature?
Even though we know what it means on a day to day basis, let's just Google it for the sake of it cause why not?
A signature is a handwritten depiction of someone's name, nickname, or even a simple "X" or other mark that a person writes on documents as a proof of identity and intent.
The meaning itself has a basic flaw with the word handwritten mentioned in it which we'll get back to later. But let's dig in a bit more to understand what signatures mean and why there is always a hype around it.
Signatures, well what do they mean to us? Are they used to verify a person’s identity or is it a way of a person agreeing to something legally or officially? They mean different things in different contexts. So, the signatures we do manually using that favourite pen of ours to get the perfect signature can speak about the individuality and personification we all require to differentiate us from others or just simply agreeing to something on the paper and abiding by it.
So yeah, signatures can mean different things in different contexts and this ain’t the place for discussing them in-depth. Let us stick to knowing what physical and digital signatures have to offer us.
We all know that handwritten / physically signatures are widely accepted as they are in use from centuries. From signing wills to patents to treaties between nations and whatnot, physical signatures are always preferred. But this was before digitisation took over.
It’s no wonder that digitisation has taken over the mere act of signing on something as simple as a contract or that dream offer letter from the company. But why in the first place would digitising the process of something we usually do day in and day out be beneficial to us common users? Well, physical signatures have become inefficient and vulnerable over time, time-consuming, tampered with and forged to meet the needs and whatnot. Digitising the signatures was not just to ease our pain to find the right pen and getting the right stroke of letters in our name while signing. But, to keep us and our identity secure while doing some of the most important transactions which need safe and depend on our identity.
No, physical signatures are not going to vanish overnight if that's what you thinking. They are here to stay as an integral part of our life until the world ends. They are still important from signing your kid’s report card to signing the request letters at your dear old bank to your HR’s signature to approve the 2-day vacation that is pending.
What is Digital Signature?
Remember how I told in the previous section that the definition of the signature has a flaw? Well, signatures done electronically/digitally are legal as well. Signatures need not be handwritten anymore (Yeah! Wiki needs an update).
Digital Signatures are used to authenticate and validate the data or integrity of the information stored in the document making it tamper-proof and secure using PKI (Public Key Infrastructure). This is used to implement the electronic signature for a particular individual. (Note: Not all electronic signatures are digital signatures). Simply put digital signatures are like the fingerprint of users used to validated or authenticate something.
So you might be thinking about how to use one or how it works. Well, it’s simple to understand how it works yet a bit complicated so on to the complex stuff.
First, let us see how to generate a digital signature. As Digital signature depends on the PKI it involves a user's private and public keys to carry out the process of the digital signature.
When generating a Digital Signature,
- The document needed to be signed is selected which is converted into a hash, which is later encrypted using the private key of the sender.
- Now the encrypted hash along with various information like the hashing algorithm used makes a digital signature.
- This is later sent to the receiver for further use.
Sounds simple? Great. Now on to verification of the Digital Signature.
- Once the receiver receives the document it decrypts the digital signature of the document by using the senders public key.
- Now after decrypting the digital signature the hash of the document is again generated which is compared with received document hash. If it is same then the document was not tampered.
Now you know the basic digital signature working without having to learn a lot of cryptographic equations that are used to make the whole thing secure and working.
Why Digital Signatures?
Wait we still haven’t answered the question why digital signatures?
Digital signatures offer 3 important features:
- Authentication - As digital signatures involve user private and public keys which are unique to each user. This allows for easy authentication of users as it used to sign data.
- Integrity - As documents are hashed using the hashing algorithms, the hashes depend on the content within the document or data. When the content within the document or data changes the hash also changes. This ensures the integrity of data is maintained.
- Non-Repudiation - As the user private and public key is involved there is no way that they can deny having signed something.
These features are what makes physical signatures absolute and allows for widespread adoption of digital signatures as standard in some domains. While most of them use digital signatures as a second layer of security, it is no doubt that digital signatures will become part of our lives like our physical signature.
Yes, I get it as with every up there is down, with every right there is left, digital signatures too have some cons.
- Once digitally signed it cannot be revoked after being distributed. This makes things more permanent and recorded which cannot be changed.
- As it involves PKI some extra measures have to be in place to secure source data. As anyone with the public key of the sender can gain access to data.
But not to fret, there are standards being developed and people trying to solve these issues. Maybe there might a time where you need to use digital signatures to sign your kid’s report card. When that happens we truly know digital signatures are part of our lives.
Wait, what about Signchain?
Signchain is a product currently being developed by Consenso Labs as part of our much bigger product Arbchain. Signchain is a platform that creates and manages tamper proof digitally signed documents using smart contracts and immutable ledgers. It was initially developed to meet the needs of Arbchain to sign documents and other important legal documents in the process. But upon research we found only a few open-source implementations of document signing platforms using blockchain were available and not all of them could be implementable, therefore Signchain was born.
In the next part let us look at how digital signatures and blockchain are couple made in heaven and most importantly what Signchain has to offer in terms of signing documents using blockchain.