Theoretical basics of the electronic signature

     The basic principle of the electronic signature is the creation of a hash, or fingerprint, of the document we want to sign. The algorithm that computes this number ensures that no two documents have the same number. Each document has a unique number: even if two documents differ in only one line, they have different numbers. Two documents with the same number will not exist; the probability of that is negligible.
     The electronic signature is the asymmetric encryption of the “number” by personA by means of a private key, and the joining of the encrypted number to the document; the encrypted number thus becomes part of the document. As the number is encrypted asymmetrically, it is not possible to decrypt it with the private key that was used for encryption, but it is possible to decrypt it with the public key. The private key is closely tied to the public key. The public key is published by personA.
     A document can be verified on the basis of the document itself, the hash function algorithm and the public key.
     PersonB, who verifies the signature, computes a hash “number” after receiving the document, using the same algorithm that personA used, and so obtains “numberX”. After decrypting the encrypted number attached to the document by means of the public key, and comparing the decrypted “number” with the computed numberX, we can say:

  1. if “numberX” is the same as the decrypted number, then it is clear that the document in question was signed by the person and was not changed in transmission
  2. if “numberX” is not the same as the decrypted number, then it is clear that the document in question was not signed, or was not signed by the person, or was changed in transmission

Figure: Principle of the electronic signature

     The private key and the public key form a “key pair”. Both are created by the owner, e.g. by means of a cryptographic card, and they are generated together. As mentioned, the private key is closely tied to the public key. Public Key Infrastructure (hereinafter referred to as “PKI”) was created so that the owner does not have to deliver his/her public key personally to each person he/she wants to communicate with.
     Besides the persons using the electronic signature, PKI also covers Certification Authorities (hereinafter referred to as “CA”) and Registration Authorities (hereinafter referred to as “RA”).
     The main task of a CA is to issue public key certificates to its clients and to administer them (archive, revocation, restoration, etc.).
     The main task of an RA is taking the public key from clients, identity verification, personal data verification, sending requests for the issuing of a public key certificate to the CA, and delivering the client’s certificate and public key certificate to the client’s CA.
     A public key certificate contains in particular basic identification data about the owner, the public key, data about the CA that issued the certificate, the period of certificate validity and the electronic signature of the certificate created with the private key of the CA.
     Verifying a certificate, and with it the person to whom the certificate was issued and that person’s public key, is a process similar to document verification.
     First, before the document itself is verified, it is important to verify the person who signed the document by means of the CA public key.
     According to the Act on Electronic Signature, an electronic signature that can be used in dealings with the state administration requires another CA to be built, the so-called Root Certification Authority (which is under NSA management).
     “The Root Certificate Authority” (hereinafter referred to as “the Root CA”) is at the top of the public key infrastructure pyramid. The main task of the Root CA is to issue certificates for accredited CAs, that is, CAs accredited by the NSA. The public key of the CA is intended for verifying the certificate of an accredited CA.
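
The signing and verification steps and the certificate check described above, as an added example that is not part of the original page. It assumes SHA-256 as the hash and textbook (unpadded) RSA on constructed toy keys; all function names and the key holder "mallory" are hypothetical, and deployed signature schemes add padding such as RSASSA-PSS on top of this model.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_key_pair(p, q):
    """Public and private key are generated together: ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def fingerprint(data: bytes) -> int:
    """The page's "number": the SHA-256 hash of the document as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, private) -> int:
    n, d = private
    return pow(fingerprint(data), d, n)  # encrypt the number with the private key

def verify(data: bytes, signature: int, public) -> bool:
    n, e = public
    return pow(signature, e, n) == fingerprint(data)  # decrypted number == numberX

def cert_body(owner: str, public) -> bytes:
    return f"{owner}|{public[0]}|{public[1]}".encode()

def issue_certificate(owner: str, public, ca_private) -> dict:
    """The CA signs the binding between the owner's identity and public key."""
    return {"owner": owner, "public": public,
            "ca_sig": sign(cert_body(owner, public), ca_private)}

def verify_signed_document(data, signature, cert, ca_public) -> bool:
    """Check the certificate with the CA public key first, then the document."""
    if not verify(cert_body(cert["owner"], cert["public"]), cert["ca_sig"], ca_public):
        return False  # certificate altered or not issued by this CA
    return verify(data, signature, cert["public"])

# Constructed toy keys built from Mersenne primes so the example is short and
# deterministic; their factors are publicly known, so they protect nothing.
CA_PUB, CA_PRIV = make_key_pair(2**127 - 1, 2**521 - 1)
A_PUB, A_PRIV = make_key_pair(2**107 - 1, 2**607 - 1)
M_PUB, M_PRIV = make_key_pair(2**89 - 1, 2**1279 - 1)   # hypothetical "mallory"

def demo():
    doc = b"constructed sample document\nsecond line\n"
    cert = issue_certificate("personA", A_PUB, CA_PRIV)
    forged = {**cert, "public": M_PUB}  # personA's name, someone else's key
    return (verify_signed_document(doc, sign(doc, A_PRIV), cert, CA_PUB),
            verify_signed_document(doc + b"x", sign(doc, A_PRIV), cert, CA_PUB),
            verify_signed_document(doc, sign(doc, M_PRIV), forged, CA_PUB))
```

demo() covers the two outcomes from the numbered list (matching and non-matching numbers) and a third case in which the certificate check fails because the key in the certificate is not the one the CA signed.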

Figure: Public Key Infrastructure

2010 © NBU SR, Budatínska 30, P.O.BOX 16, 850 07 Bratislava 57