Simple and flexible pricing to meet your needs for digital identity based digital signatures
How .ID works

How the .ID digital signatures work?

_____
.ID digital signature solution is a unique digital service that allows users around the world to sign any type of digital file. The beauty of a digital file is that it is relatively easy to create a unique fingerprint from it, which can be used to verify the integrity of the file.

Another important note is that the signer's identity is represented inside the digital signature with the signer's certificate. This digital certificate is created when the user logs on to the .ID digital signature solution and the certificate is updated after the real person verification process.

What makes .ID signatures secure and how they work?

If you wonder what differentiates all the various electronic signatures and signature providers in principle then one of the key question is how do they approach the non-repudiation problem of electronic signatures.

In simple terms non-repudiation means that it would be very difficult (if not impossible) to dispute the signature (statement) of the author, identity of the author nor the validity of the associated contract. It boils down to the technology what the electronic signature service provider uses to ensure the security of its systems.

Security and strength of .ID signatures

The security and authenticity of .ID signed documents stand on 3 pillars:

  • Signed files integrity - to ensure that after signing the files cannot be tampered with or the signature becomes invalid
  • Signer’s identity integrity - to ensure that the identity that signs is stored and gives a method to identify the perso
  • Secure authorization - to ensure that only the person who’s identity is behind the signature could have authorized the digital signature.

Keeping the integrity of the original digital files that are signed, binding it with the identity, and finally ensuring that a combination of signers identities and signed files are bound securely.


All those components are stored inside the digital signature container file, called ASiC container. ASiC container file is actually a .zip file, that compresses together original signed files and digital signature files (signature.xml-s) associated with the original files. One digital signature container may have multiple files and multiple signatures.

Let’s dig into the signature files and see how they work.

Maintaining files integrity


.ID is a unique digital service, that allows users to sign any type of digital file. The beautiful feature of a digital file is that it’s relatively easy to create a unique fingerprint out of it which allows to check the file integrity.

In .ID we create this unique hash in the moment when the document and files it contains are signed.

There are many well-known methods of creating the hash (or “digest”). They are called hash-formats. We are using a format called SHA256, which was developed by the United States National Security Agency (NSA) and first published in 2001. You can read more about SHA256 here.

Essentially what we want to achieve is that if you are presented with the digital file, you can check the hash/digest and see if that hash is the same value as stored in the digital signature.


Example of SHA256 hash of the digital file
149e475a856c17049693d2161c14e92737937e29a89b66eeab40a5c56d52c012

You can try “hashing” the documents yourself. Just Google “Generate SHA256 hash from file” or click here (https://emn178.github.io/online-tools/sha256_checksum.html).

If you get a file that is claimed to be digitally signed on one hand and the signature XML on another hand, you can use an online tool to create a SHA256 hash of the file and see if it is the same as in the Digital signature file.

If it is, then yes, the file is really the one that is associated with the signature.

Below is an example of a signature.xml file and you can see the file hash on row 11.

Continue reading...

How it works

Choose the store and scan QR code