With signotec products for the signature of PDF documents, the misuse of the signature is excluded according to today's state of the art. Only algorithms classified as secure by the BSI (German Federal Office for Information Security) are used.
The only document format that can be reliably protected and enjoys a high position of trust is PDF (Portable Document Format). signotec therefore does not use a proprietary, i.e. proprietary format for the creation of the electronic signature. Rather, signotec adheres to the Adobe PDF or ISO standard, which is widely used worldwide. Electronic documents signed with signotec can therefore be checked at any time, anywhere and by anyone without any technical effort. The Adobe Reader can be used, for example, to immediately check whether a document has been manipulated.
There are 2 essential things to protect:
- the document integrity and
- the signature of the document
The document integrity is essential for the trustworthiness in the content of the document. It ensures that any change to the document after the signature is reliably detected. Sometimes there are also intentional changes to the document after the (first) signature, because e.g. travel times or similar have to be added. By incrementally saving these changes in the document, these changes are made visible and a "rollback" is possible at the respective time of signature performance.
To ensure the integrity of the document, the electronic signature is used. The electronic signature needs to be tamper-proof, which is done with the help of public-key cryptography. The protection of the private key for the signature plays an important role and can be securely stored in the pad. The necessary certificate can even be eIDAS-compliant. An advanced pad signature seal is used, which has the highest possible security and trustworthiness. For more information see eIDAS Pad Signature Seal.
Another important point is biometrics, i.e. the dynamic characteristics of the signature. With the signature, the image of the signature is inserted into the document. However, this only serves as an optical endorsement. The personal and unique writing characteristics of the signatory are also stored in the document. If a manipulation attempt is made, the image of the signature can be cut out and copied by simple means, but biometrics cannot. Biometrics is an essential component of the signature and the document. The biometrics itself is encrypted with a public RSA key (preferably directly in the pad). The document and the biometrics are inseparably linked. Only the owner of the private key can decrypt the biometrics.
It should also be noted that only the signotec pads have a "secure mode" which immediately encrypts the sensitive biometrics in the pad and only uses forensically unusable data for the real-time display.
In the event of a dispute, biometrics serves as evidence for a written expert's examination of authorship. The signotec procedure was found to be even better than the original signature on paper.
Note: Copy & paste is not an electronic signature!