Cybersecurity

Digital key instead of ink and paper

For a good millennium, people have been putting their signature under a piece of writing or document - making it legally binding. In the modern world, this process needs an update: the digital signature. //next author Jochen Schuster explains the process.  

If you go in search of the first legally binding signatures in the history of the world, you will land somewhere in the early Middle Ages: In the period between 500 and 1050 (more likely at the end of this era), it became fashionable to leave handwritten and independent name signs on documents rather than stamps. A suitable example of this is the Ostarrîchi document of the Roman-German king and emperor Otto III from the year 996 (http://www.hist-hh.uni-bamberg.de/studarb/Zerndl/ostarrichi7.html). Even today, a good millennium later, the handwritten signature on paper is still a generally recognized proof of identity. In the digital world, however, it is in urgent need of an update - the keyword being "digital signature".

Combination of signature and scanner? "Not unproblematic"!

Briefly on terminology: In general (as well as in this article), the terms "digital signature" and "electronic signature" are used synonymously. A handwritten signature scanned in and applied to the bottom of a document can indeed be legally binding - as long as the legislator does not impose any special formal requirements on the parties involved. However, this procedure does not count as a digital signature in the true sense of the term, the kind that is required, for example, in electronically processed administration or in the court system.

Legal uncertainties do not only exist with the combination of signature and scanner described above. The Federal Fiscal Court in Germany (BFH, 22.6.10, 2010 VIII R 38/08), among others, has already dealt with this problem. There are also disputes in other cases - such as signatures on electronic writing tablets. In 2012, for example, the Munich Higher Regional Court (case number 19 U 771/12) ruled that the use of the tablet - in this specific case, a credit agreement form in an electronics store - "is not unproblematic" and declared the contract to be invalid in terms of form (https://dejure.org/dienste/vernetzung/rechtsprechung?Gericht=OLG%20M%C3%BCnchen&Datum=2012-06-04&Aktenzeichen=19%20U%20771%2F12).

There are no legal concerns, however, with a genuine "digital signature". This is like an electronic fingerprint, unique to each user. Specifically, it is data that is attached to an electronic document to confirm that it has been signed. These are created by a certification authority (for example, the Bundesdruckerei), which first verifies the personal details. The organization then produces a key pair consisting of a private (secret) key and a public key.

Electronic signature: recognized since 2016

When a user wants to sign a document electronically, the signer's private key generates data for the document in question and encrypts it. The encoded message, i.e., the digital signature, is ready. The addressee in turn receives the now legally binding document together with a copy of the public key. The addressee can use this to decrypt the document, and the (business) process is complete. If the decryption does not succeed, it means that it is not the sender's signature or that the document has been changed after it was signed. It is therefore worthless.
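The signing and checking steps described above, as an added example in Go (not part of the original article): a document is signed with the private key, then checked with the public key in the three situations the paragraph names. It assumes RSA-PSS with SHA-256 from the Go standard library; the function names, key pairs and document text are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// signDocument hashes the document and signs the digest with the private key.
func signDocument(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// verifyDocument reports whether sig is a valid signature over doc under pub.
func verifyDocument(pub *rsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// runCases signs one document and checks it unchanged, altered, and under a foreign key.
func runCases() (valid, tampered, wrongKey bool, err error) {
	signer, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, false, err
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048) // unrelated key pair
	if err != nil {
		return false, false, false, err
	}
	doc := []byte("Credit agreement: 1,200 EUR in 24 instalments") // constructed sample
	altered := []byte("Credit agreement: 9,200 EUR in 24 instalments")
	sig, err := signDocument(signer, doc)
	if err != nil {
		return false, false, false, err
	}
	valid = verifyDocument(&signer.PublicKey, doc, sig)        // untouched document
	tampered = verifyDocument(&signer.PublicKey, altered, sig) // changed after signing
	wrongKey = verifyDocument(&other.PublicKey, doc, sig)      // not the sender's key
	return valid, tampered, wrongKey, nil
}

func main() {
	fmt.Println(runCases()) // prints valid, tampered, wrongKey, err
}
```

A passing check only shows that the document matches the key pair; tying that key to a person is the job of the certification authority mentioned earlier.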

Thanks to the European eIDAS Regulation (https://www.bsi.bund.de/DE/Themen/DigitaleGesellschaft/eIDAS/eIDAS_node.html), the electronic signature has been recognized and standardized throughout Europe since 2016. This ensures that it is in no way inferior to a handwritten signature with ink and paper in terms of evidential value and validity.

Text: Jochen Schuster