What is a digital signature?
Applies To: Office Resource Kit
Topic Last Modified: 2008-05-09
In this article:
You can digitally sign a document for many of the same reasons why you might place a handwritten signature on a paper document. A digital signature is used to help authenticate the identity of the creator of digital information — such as documents, e-mail messages, and macros — by using cryptographic algorithms.
Digital signatures are based on digital certificates. Digital certificates are verifiers of identity issued by a trusted third party, which is known as a certification authority (CA). This works similarly to the use of standard identity documents in a non-electronic environment. For example, a trusted third party such as a government entity or employer issues identity documents — such as driver’s licenses, passports and employee ID cards — on which others rely to verify that a person is whom he or she claims to be.
Digital certificates can be issued by CAs within an organization, such as a Windows Server 2003 server that is running Windows Certificate Services, or a public CA, such as VeriSign or Thawte.
Digital signatures help establish the following authentication measures:
Authenticity The digital signature helps ensure that the signer is whom he or she claims to be. This helps prevent others from pretending to be the originator of a particular document (the equivalent of forgery on a printed document).
Integrity The digital signature helps ensure that the content has not been changed or tampered with since it was digitally signed. This helps prevent documents from being intercepted and changed without knowledge of the originator of the document.
Non-repudiation The digital signature helps prove to all parties the origin of the signed content. "Repudiation" refers to the act of a signer's denying any association with the signed content. This helps prove that the originator of the document is the true originator and not someone else, regardless of the claims of the signer. A signer cannot repudiate the signature on that document without repudiating his or her digital key, and therefore other documents signed with that key.
To establish these conditions, the content creator must digitally sign the content by using a signature that satisfies the following criteria:
The digital signature is valid. A CA that is trusted by the operating system must sign the digital certificate on which the digital signature is based.
The certificate that is associated with the digital signature is not expired.
The signing person or organization (known as the publisher) is trusted by the recipient.
The certificate associated with the digital signature is issued to the signing publisher by a reputable CA.
Microsoft Office Word 2007, Microsoft Office Excel 2007, and Microsoft Office PowerPoint 2007 detect these criteria for you and warn you if there appears to be a problem with the digital signature. Information about problematic certificates is easily viewed in a certificate task pane that appears in the 2007 Microsoft Office system application. 2007 Office system applications let you add multiple digital signatures to the same document.
The following scenario illustrates how digital signing of documents can be used in a business environment:
An employee uses Office Excel 2007 to create an expense report. The employee then creates three signature lines: one for herself, one for her manager, and one for the accounting department. These lines are used to identify that the employee is the originator of the document, that no changes will occur in the document as it moves to the manager and the accounting department, and that there is proof that both the manager and the accounting department have received and reviewed the document.
The manager receives the document and adds her digital signature to the document, confirming that she has reviewed and approved it. She then forwards it to the accounting department for payment.
A representative in the accounting department receives the document and signs it, which confirms receipt of the document.
This example demonstrates the ability to add multiple signatures to a single 2007 Office system document. In addition to the digital signature, the signer of the document can add a graphic of her actual signature, or use a Tablet PC to actually write a signature into the signature line in the document. There is also a “rubber stamp” feature that can be used by departments, which indicates that a member of a specific department received the document.
The 2007 Office system, unlike its predecessors, uses the XMLDSig format for digital signatures. It is important to note that digital signatures created in the 2007 Office system are incompatible with earlier versions of Microsoft Office. For example, if a document is signed by using an application in the 2007 Office system and opened by using an application in Microsoft Office 2003 that has the Office Compatibility Pack installed, the user will be informed that the document was signed by a newer version of Microsoft Office and the digital signature will be lost.
The following figure shows a warning that the digital signature is moved when the document is opened in an earlier version of Office.