1 Reply Latest reply on Sep 14, 2016 10:59 AM by Test Screen Name

    How can i start to use digital signatures but make sure no one can make a fake signature using my own personal details

    weezypenguin

      Hi Everyone

      I am trying to implement a digital signature culture to my company. But how can I start to use digital signatures but make sure no one can make a fake signature using my own personal details

      It seems really easy to add n my own details and all this information is company knowledge and would be easy for someone to make a fake signature that looks excatly like my own.

      So I look forward to any comments and ideas

      many thanks inadvance

      Rob

        • 1. Re: How can i start to use digital signatures but make sure no one can make a fake signature using my own personal details
          Test Screen Name Most Valuable Participant

          There are several parts to using signatures effectively. To see why let's just think about paper signatures.

          Suppose you get a document claiming to be from someone. It might have a signature on it. Does the signature prove anything? Of course not by itself. But do you have their signature on file? Then you can check it, it becomes worth something.

          It's the same with digital signatures. The signed document alone is UTTERLY WORTHLESS. When you make the signature you get a "public certificate". You can share this, perhaps send it to key people, and confirm by telephone that the signature is real. Then, when they later get a signed document from you, software can compare with the public certificate and check it's real. (Using the public certificate you can't make a fake signature, that needs something else, the "private certificate" that you must keep safe and secure).

          So, this works for a handful of motivated people. It breaks down very quickly with many people (many is probably somewhere around five). In this case we go for a different scheme, called a "certificate repository". Here, a central organisation issues the certificates, gives you a private certificate, and lets everyone check the public certificates. The organisation arranges automatic trusting of their repository. 

          In the wider world, there are global repositories.

          Hope this makes sense of the underlying way it's used.

          1 person found this helpful