Signature card

from Wikipedia, the free encyclopedia

The signature function of signature cards replaces handwritten signatures with electronic signatures , which are legally binding in the same way. This means that an electronic document can be signed and the identity of the person who sent the document can be clearly verified.

functionality

Schematic sketch electronic signature

The signature card is a chip card that contains the private key (signature key) of a digital certificate based on a PKI process in accordance with Public-Key Cryptography Standards (PKCS). The chip card offers the highest level of security for the signature, as the signature key cannot be read out of the chip card due to its principle and cannot be cracked by other analysis options or by destroying the chip card.

The use of the signature card can also be protected with a personal identification number (PIN) ( two-factor authentication ), so that no signatures can be falsified with a lost signature card.

The signature of an electronic document (user file) is generated as follows:

  • The sender determines the hash value of the user file with the help of a cryptographic hash function , e.g. B. with SHA-2 .
  • The signature card links the hash value with the private key (signature key) to form an encrypted hash value (signature).
  • The sender sends the user file and the signature to the recipient. The signature can be embedded or sent as a separate file.
  • The recipient decrypts the signature with the sender's public key (signature verification key from the sender's certificate) and receives the original hash value of the user file.
  • The recipient compares the decrypted hash value with the hash value recalculated from the received data file. Only if both hash values ​​are the same is the user file unchanged and can be assessed as legally binding signed by the sender (determination of the integrity ).

The signature function can be combined with other smart card applications (e.g. in connection with an electronic identity card ).

There are standardized software applications for creating and verifying signatures.

Examples of applications for the signature card

See also

Individual evidence

  1. Questions about the introduction and use of the electronic signature. In: Federal Office for Information Security . Retrieved February 21, 2020 .