Digital signatures and certificates
More and more people and organizations are using digital documents instead of paper documents to conduct day-to-day transactions. By reducing dependency on paper documents, we are protecting the environment and saving the planet’s resources. Digital signatures support this change by providing assurances about the validity and authenticity of a digital document.
For more information, see Add or remove a digital signature in Office files.
What do you want to do?
What is a digital signature?
A digital signature is an electronic, encrypted, stamp of authentication on digital information such as email messages, macros, or electronic documents. A signature confirms that the information originated from the signer and has not been altered.
The following is an example of a signature line.
Signing certificate and certificate authority
Signing certificate To create a digital signature, you need a signing certificate, which proves identity. When you send a digitally-signed macro or document, you also send your certificate and public key. Certificates are issued by a certification authority, and like a driver’s license, can be revoked. A certificate is usually valid for a year, after which, the signer must renew, or get a new, signing certificate to establish identity.
Certificate authority (CA) A certificate authority is an entity similar to a notary public. It issues digital certificates, signs certificates to verify their validity and tracks which certificates have been revoked or have expired.
Digital signature assurances
The following terms and definitions show what assurances are provided by digital signatures.
Authenticity The signer is confirmed as the signer.
Integrity The content has not been changed or tampered with since it was digitally signed.
Non-repudiation Proves to all parties the origin of the signed content. Repudiation refers to the act of a signer denying any association with the signed content.
Notarization Signatures in Microsoft Word, Microsoft Excel, or Microsoft PowerPoint files, which are time stamped by a secure time-stamp server, under certain circumstances, have the validity of a notarization.
To make these assurances, the content creator must digitally sign the content by using a signature that satisfies the following criteria:
The digital signature is valid.
The certificate associated with the digital signature is current (not expired).
The signing person or organization, known as the publisher, is trusted.
Signed documents, which have a valid time stamp, are considered to have valid signatures, regardless of the age of the signing certificate.
The certificate associated with the digital signature is issued to the signing publisher by a reputable certificate authority (CA).