Can digital signatures be forged?

Signature and document fraud is a problem that has now spread to the digital world, where cyber security is increasingly required. As a result, many digital signature users, or those who are considering their use ask themselves how to avoid forgery. Let us clarify these questions in this article.

Digital signatures, by its nature, include aspects that make them highly reliable against possible forgery threats. If we look at their 3 essential characteristics, we will be more aware of this:

  • Authentication: The signatory is perfectly traceable
  • Integrity: The document or message cannot be altered after being signed. If so, this modification will be detected and the whole process will be invalidated
  • Non-repudiation: The signatory cannot deny the authorship of their own signature.

From a legal perspective, all types of electronic signatures are legally valid and can be presented as evidence in court. However, depending on the type of electronic signature used, additional evidence will be required from experts, or it could be equivalent to a handwritten signature without the need for further evidence.

Therefore, digital signatures are a great option for securing documents against possible threats. We will now look into these threats, along with internal procedures linked to digital signatures that provide them such a high degree of confidence.

Cybercrime and counterfeiting in Spain

It is worth pointing out that in the event of forging a digital signature, which is difficult to accomplish, or a handwritten signature, The Spanish Criminal Code stipulates very serious consequences for offenders.

Protection against counterfeiting must be taken seriously at present, as figures provided by the National Institute of Statistics (INE) show that the number of false documents is rising, with a growing trend from 2013 (6,382) to 2018, the last year on record, showing a total of 8,100 criminal activities on this type of offence.

On the other hand, a study on cyber-crime in Spain by the Ministry for Home Affairs reveals that cyber-crime is on the rise, from 4.6% in 2016 to 9.9% in 2019. This same study also states that in 2019 there were 166,152 users who were victims of cybercrime, 37% more than in 2018. Other notable aspects of this report are

  • Fraud is the most common type of incident according to INCIBE (National Institute of Cybersecurity) and the Statistical System of Crime.
  • The tax and financial sectors are the most affected

In addition, cybersecurity measures are now more important than ever as a result of the social and economic situation caused by the health crisis. Proof of this is the growth in global investment in cybersecurity, reaching 9.7% during the first quarter of 2020, according to the consulting firm Canalys.

Digital signature forged

Why are digital signatures so hard to forge?

We have stated that the digital signature is made up of a mechanism that makes it extremely difficult to forge, but how is that specific mechanism that makes it so secure?

It is basically an asymmetric cryptographic procedure that makes use of public and private keys generated by an algorithm. But what does this mean?

  • The private key is only known by the signatory, and is stored on their own device or in the cloud for centralized signatures. This feature is essential to prevent forgery.
  • The public key is then shared with the recipients of the digital signature.

The procedure for creating a digital signature goes as follows:

  1. The algorithm outputs the private key and a corresponding public key
  2. A signing algorithm that, given a message and a private key, produces a signature, which is encrypted by the private key itself (so the digital signature cannot be forged without access to the private key).
  3. signature or document verifying algorithm that, given the message, public key and signature, either accepts or rejects the message’s claim to authenticity

Therefore, the only way to forge a digital signature is by stealing the private key , so we must be extremely careful.

Viafirma to prevent esignature forgery

Viafirma solutions include many features to protect digital signatures against forgery and identity frauds. First of all, let us remind you that when signing a document, we can add different types of evidence.

Viafirma allows to add image, utterance and biometric evidence (e.g, handwritten signatures collected via specific devices)

We can also include checks in the document so that the signatory can clearly express their agreement with some aspects of the document.

In addition, we can request that for esigning the signatory must enter a verification code that will be sent to their smartphone via text message or to their email address.

Viafirma enables you to set the exact coordinates where the signature took place, especially useful for mobile signatures, as well as to set the exact date and time when the signature was placed by means of a timestamp. Precisely, Viafirma is now considered a Qualified Trust Service Provider for the Spanish Government in terms of offering qualified timestamping services within the whole European framework.

Another aspect to emphasize is that once we sign electronically Viafirma will include a complete audit log of the entire signing process, from the beginning to the end. This report will include all information generated during the signing process, and it will be automatically sent to the signatory once it has been completed.

In short, we can conclude that digital signatures are difficult to forge, a feature that is not insignificant in a society where cyber crime continues to grow as a result of the boom in digital operations and teleworking.

In addition, the creation process of digital signatures protects us from identity fraud, to which we must add the possibility of including additional evidence with full legal validity, a feature that is often included in our solutions.