1) What is an electronic signature?
An electronic signature is not a digital image of a written signature. It is actually an electronic code, through which the recipient can easily verify the identity and signature of the sender on the Internet. It can also verify whether the original text of the file has changed during transmission.
At present, electronic signature can be realized by various technical means. After confirming the exact identity of the signer, electronic signature admits that people can sign electronic records in many different ways. These methods include: digital signature based on PKI public key cryptography; Identification mark based on biometrics; Identification of handprints, voiceprints or retinal scans; Password code, password or personal identification number; This enables the receiver to identify the sender; Computers based on quantum mechanics and so on. But it is mature, easy to use and operable. The electronic signature technology widely used in advanced countries and China is based on PKI (Public Key Infrastructure).
2) Digital signature technology based on PKI.
Electronic signature based on PKI (public key infrastructure) is called "digital signature". It is wrong for some people to call "electronic signature" "digital signature". Digital signature is just a concrete form of electronic signature. Although electronic signature has gained technical neutrality, it also brings inconvenience in use, and the law further stipulates electronic signature. For example, the above-mentioned UNCTAD Model Law on Electronic Signatures and the EU Framework Directive on Electronic Signatures stipulate "reliable electronic signatures" and "advanced electronic signatures". In fact, the function of digital signature is stipulated, which makes digital signature more applicable and operable. At present, the only practical electronic signature is public key cryptography. Therefore, the digital signature technology based on PKI has been widely used, mature and practical at home and abroad. As a public key infrastructure, PKI can provide many online services, such as identity authentication, data confidentiality, data integrity and non-repudiation. They all use digital signature technology.
The core executing agency of PKI is the electronic certification service provider, commonly known as CA(Certificate Authority), and the core element of PKI signature is the digital certificate issued by CA. The PKI services it provides are authentication, data integrity, data confidentiality and non-repudiation. The method is to encrypt/decrypt by using the certificate public key and its corresponding private key to generate the signature and verification signature of the digital message. Digital signature is the use of public key cryptography and other cryptographic algorithms to generate a series of symbols and codes, forming an electronic password for signature, rather than writing signatures and seals; This kind of electronic signature can also be technically verified, and its verification accuracy is incomparable with manual signature and seal. This signature method can be used for authentication in a large number of trusted PKI domains or cross-authentication in multiple trusted PKI domains, especially for security authentication and transmission on WAN.