Security is one of the key concepts to which the Administration, in the field of Information and Communication Technologies (ICT), should pay the utmost attention.
The Administration has to extend the legal guarantees it offers citizens and businesses to electronic procedures.
Electronically generated documents have three properties that need to be safeguarded: confidentiality, integrity and authenticity.
These three problems are addressed by cryptography, through the processes of signing and encryption. Cryptography is a branch of mathematics that, when applied to digital messages, provides the tools to solve them. Confidentiality is commonly associated with so-called encryption techniques, and integrity and authenticity with so-called digital signature techniques, although both ultimately reduce to cryptographic encryption and decryption procedures.
Asymmetric cryptography is the cryptographic method that uses a complementary key pair, public and private, to encrypt documents or messages. What is encoded with a private key needs its corresponding public key to be decoded. And vice versa, what is encoded with a public key can only be decoded with its private key. The private key must be known only by its owner, while the corresponding public key can be made public.
The fact that the private key is only known to its owner allows us to achieve two important things:
An electronic certificate is a document issued and signed by a certification authority that identifies a person (natural or legal) with a key pair. A certificate contains the following information:
All this information can be divided into two parts:
The owner never hands the private part over to anyone. This is the basis of security. With the key pair you can perform encryption functions, with the peculiarity that what is encrypted with the private key can only be decrypted with the public key, and vice versa.
An electronic signature is a fingerprint of a document encrypted with a key. The fingerprint is obtained by applying a mathematical algorithm to a message. This algorithm has two fundamental characteristics:
These two features ensure the integrity of the message. If the content of the message is changed, whoever verifies the signature will detect it.
The fingerprint is encrypted with the private key of the certificate of the person signing. By applying the verification mechanisms, the recipient will know who signed and that person cannot repudiate the authorship of the message.
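The signing and verification steps described above, as an added example that is not part of the original page: the fingerprint is SHA-256, and it is transformed with textbook RSA without the padding that real signature schemes apply. The key pairs are constructed from known Mersenne primes purely for reproducibility, and all function names are hypothetical.

```python
import hashlib

# Constructed demonstration keys built from known Mersenne primes. They are
# trivially factorable and exist only to make the arithmetic reproducible.
E = 65537  # public exponent


def make_key(p: int, q: int) -> tuple:
    """Return (n, d): public modulus and private exponent for primes p, q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


N, D = make_key(2**521 - 1, 2**607 - 1)              # signer's key pair
OTHER_N, OTHER_D = make_key(2**127 - 1, 2**521 - 1)  # a different person's pair


def fingerprint(message: bytes) -> int:
    """Fixed-length fingerprint (SHA-256) of the message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int, n: int) -> int:
    """Signer: transform the fingerprint with the private key."""
    return pow(fingerprint(message), d, n)


def verify(message: bytes, signature: int, n: int) -> bool:
    """Recipient: recover the fingerprint with the public key and compare."""
    if not 0 <= signature < n:
        return False
    return pow(signature, E, n) == fingerprint(message)


def demo() -> dict:
    doc = b"Grant application 2024/17: amount 1,000 EUR"      # constructed
    altered = b"Grant application 2024/17: amount 9,000 EUR"  # constructed
    sig = sign(doc, D, N)
    return {
        "original": verify(doc, sig, N),
        "altered document": verify(altered, sig, N),
        "signed with another key": verify(doc, sign(doc, OTHER_D, OTHER_N), N),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'REJECTED'}")
```

Only the unmodified document signed with the matching private key verifies; a one-character change to the document or a signature made with a different private key is rejected by the holder of the public key.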