The present invention relates to digital signatures and signing electronic documents.
Electronic document workflows often involve the transfer and processing of digitally signed electronic documents. In some workflows, the recipient of a digitally signed document is expected to manipulate the document in some way—for example, by filling in one or more form fields—and then to attach his or her own digital signature to the document and transfer the signed document to another entity, such as the original sender or a further entity in the workflow. The digital signature can be used to verify the identity of the entity signing the electronic document. The digital signature can also be used to authenticate the signed document by enabling the detection of any alterations made to the signed electronic document.
A digital signature can be attached to the electronic document using a digital signature application. One class of common digital signature application generates a digest of the electronic document and encrypts the digest using a private key obtained by the entity in order to generate the digital signature. The digest can be generated by calculating a hash value of the electronic document according to a digital signature algorithm provided by the digital signature application. The entity signing the electronic document can obtain a private key from a signature authority along with a public key certificate associated with the private key. The public key certificate is typically sent along with the signed electronic document. The recipient of the electronic document uses the received public key certificate to retrieve the corresponding public key. The recipient typically uses the digital signature application to generate a digest of the electronic document, and uses the digest along with the public key to verify the attached digital signature.
There are a number of different digital signature applications that implement different digital signature protocols. As a result, it can be difficult to ensure that recipients of a particular electronic document will have access to a particular digital signature algorithm.
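The digest-then-sign flow described above, and the algorithm mismatch problem noted in the last paragraph, shown as an added illustration that is not part of the original text. The key is a constructed toy (textbook RSA without padding, built from two fixed Mersenne primes), and the function names `digest`, `sign` and `verify` are hypothetical.

```python
import hashlib

# Constructed toy key: two Mersenne primes give a 648-bit modulus. Textbook RSA
# without padding is NOT secure; it only mirrors "encrypt the digest with the
# private key" from the text. Real systems use a padded scheme (e.g. RSA-PSS).
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent


def digest(document: bytes, algorithm: str) -> int:
    """Hash the document with the named algorithm and return it as an integer."""
    return int.from_bytes(hashlib.new(algorithm, document).digest(), "big")


def sign(document: bytes, algorithm: str = "sha256") -> int:
    """Signer side: digest the document, then transform it with the private key."""
    return pow(digest(document, algorithm), D, N)


def verify(document: bytes, signature: int, algorithm: str = "sha256") -> bool:
    """Recipient side: recompute the digest and compare with the recovered one."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest(document, algorithm)


if __name__ == "__main__":
    form = b"name=;amount=100"                    # constructed sample document
    sig = sign(form)
    print(verify(form, sig))                      # unmodified document
    print(verify(b"name=;amount=900", sig))       # altered after signing
    print(verify(form, sig, algorithm="sha512"))  # recipient uses another digest
```

A recipient whose application computes a different digest than the signer's cannot validate an otherwise genuine signature, which is the interoperability difficulty the text describes.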