Electronic signature, what is it? - Level Extreme

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Electronic signature, what is it?

Message

From

25/12/2002 01:03:51

Ken Mcginnis
Stratford Software Inc.
Burlingame, California, United States

To

24/12/2002 13:46:36

Alex Wieder
Tasmanian Traders
Hoboken, New Jersey, United States

General information

Forum:

Visual FoxPro

Category:

Other

Title:

Re: Electronic signature, what is it?

Miscellaneous

Thread ID:

00735316

Message ID:

00735729

Views:

7

I believe this relates to so-called public/private keys. That is, where you sign a document (encrypt your signature, file or whatever) with your 'private key' and then anyone can decrypt the document with your registered 'public key' and they can be assured that you, and only you are the person who signed the document and it has not been changed since you signed the document. There have been other threads recently related to this. Search for 'Capicom' and 'Certificate' here on UT. Also sci.crypt on your news server.

>>Hi All,
>>
>>We will be carrying out the largest HIV vaccine clinical trial (a US Department of Defense project). US Food and Drug Administration has very strong requirements concerning electronic signature if we want our electronic records to be accepted by FDA. I am doing system requirements analysis at this moment and have very little knowledge on electronic signature. I would really appreciate explanations on what an electronic signature is, how can it be implemented in a database (especially in an VFP + MS SQL Server based application) and where can I find more information. Thank you!
>>
>>Chen
>
>Hi Chen,
>
>An electronic signature is an authentication method to prove that a document does indeed come from a specific source.
>
>If I remember correctly, the technology used to generate digital signatures is the PGP algorithm (Pretty Good Privacy), in which you have a public key, which is a "password" that you publish for other to encrypt their messages with and send to you, and there is a PRIVATE key, which is what you use to decrypt those messages.
>
>Now that you understand the difference between private and public keys, let's move on.
>
>Again, this is from memory...
>
>A hash function is a mathematical function that will create a unique string or number based on a text message. It doesn't encrypt anything per se, but as it is designed, a small changed in the original document will result in a big difference in the hash value. Look at it as a checksum on steroids.
>
>After you're done creating the document to be signed, you create a hash of it, and encrypt this hash with your PRIVATE key. This is the digital signature.
>
>Then, when the recipients gets the document along with the signature, they can verify that the signature matches the document. For this they use a special verification function, into which they input the hash of the original document (which they can generate just like you did before), and applying your public key to this hash they can verify whether the signature that you sent them was indeed generated by you (using your private key) and the document that they received.
>
>In essence, it has nothing to do with someone's personal signature, but rather with cryptography.
>
>Hope this helps!
>
>Alex

Dr. Ken A. McGinnis
Healthcare software design

Click here to load this message in the networking platform