Electronic signature

(On-screen title: Electronic Signature. Proof of authenticity and integrity.)

TRANQUIL MUSIC

VOICE-OVER: The international trade in agricultural products is supervised by the authorities of exporting and importing countries.

(An animation.)

Many consignments will only be accepted by the importing country when an export certificate is available, to ensure safety, as guaranteed by the authorities of the exporting country.

More and more of these certificates are exchanged electronically, improving the quality and reliability of the documents significantly. An essential aspect in this process is the indisputability of the electronic certificates, known in the cryptological meaning as ‘non-repudiation’.

This confirms to the authorities of the importing country the identity of the sender, and that the information that has arrived is unchanged, known as authenticity and integrity. In the digital environment, we need a signature and verification system to confirm these values.

To ensure the authenticity of the source, the electronic certificate is signed with a digital signature. We use asymmetric encryption, an electronic signature that consists of a private and a public key.

The private key is secret and known to the sender only. With this key, the sender locks a message before sending it electronically. The receiver has the associated public key to unlock the message. Once unlocked, the message can only be locked again by the private key of the source.

So, when the receiver opens the message with the public key, he can be sure who sent it. Now, to ensure the identity of the sender, a trusted third party, such as a notary, is used, known as a Certificate Authority or CA, who can confirm to the receiver, that the public key is indeed associated with the identity of the sender.

To prove the integrity of the data on the certificate, we use a data hash, a unique resume of the certificate that works as a fingerprint. An algorithm uses the key data of the certificate and mixes this in an unrecognisable format.

The algorithm works in a way, that even the smallest change in the original data results in a very different data hash. These ingredients can now be used in the communication between authorities.

First, an electronic certificate is created in the national e-Cert-system of the exporting country, linked to identification tokens of the consignment. Then, this electronic certificate is signed by the sender. We use the algorithm to create a data hash of the certificate. This data hash is then locked, or signed, with the private key of the sender and added to the electronic certificate, which is called a ‘signed electronic certificate’.

At the receiver’s end, the signed certificate is unlocked with the public key, and this reveals the data hash. Now, the receiver takes the electronic certificate from the signed certificate, and uses the algorithm to create the associated data hash and then compares this with the one received from the exporting country. If the data hashes are identical, the integrity of the information in the certificate is intact, and the information is original.

Of course, this system demands that the private key of the electronic signature is kept safe, from generation until destruction. Strict procedures, combined with technology, are known as the ‘management of the keys’ and prevent disclosure or compromise of keys that have been, are being or will be used.

(Holland’s coat of arms against a blue background, next to the text: Netherlands Food and Consumer Product Safety Authority, Ministry of Economic Affairs. On-screen text: More information: e-Cert.nl/ecertification.html)

THE TRANQUIL MUSIC FADES AWAY