Digital Signature, what is that?

Ines Balcik

Sign emails?

E-mails are so practical; business correspondence can hardly do without electronic mail. But is it possible to sign an e-mail in a legally secure manner? Legally secure means, among other things, that the signature is handwritten and, to put it in layman's terms, unmistakable or, rather, not forged. Of course, typing your own name under an e-mail does not require any special technical skills. It should be clear to everyone that this does not meet legal requirements. Spam mails remind us from time to time how easy it is to manipulate e-mails.

Since the early days of the Internet, the question has therefore been how to sign electronic correspondence in such a way that all security requirements are met. After several decades on the Internet, the topic of electronic signatures and digital signatures is really nothing new. For proof, take a look at this video from the Tagesschau news program from February 2001, starting at minute 6:40. A brief report tells us what we are interested in here: "With a large majority, the Bundestag cleared the way for electronic signatures ...". <>

Electronic signature or digital signature?

What exactly has happened in the 20 years that have passed since then? The best answer to this question is a new question: Do I, as an Otto-and-Lieschen Internet normal consumer, have a legally secure electronic signature? No. For private individuals at least, a digital signature is still at best the exception and not the rule.

On the other hand, the idea of electronic signatures has made significant progress in the first two decades of the 21st century, especially on the technical side of the problem. This is cryptography, the science of encrypting information to protect it from manipulation. The comprehensive term for this in our context is information security. The signatory must be clearly identifiable, as must the addressee, so that the document to be transmitted ends up in the right hands.

To make it quite clear once again: an electronic signature must meet certain legal requirements, while the digital signature is important for the mathematical-technical procedure used to ensure security standards. To ensure that both aspects are included and that the electronic signature meets all requirements, a qualified digital signature is necessary.

Real-world examples.

The most common way to make electronic signatures forgery-proof is via a qualified seal or a qualified certificate. The latter is familiar to anyone who has registered with the ELSTER tax portal <>.

The purpose is clear: My data for the tax office should not fall into unauthorized hands. The procedure takes some getting used to: It takes a while to finally get the certificate file. And it has to be stored in such a way that it can be found again at the decisive moment.

I remember that years ago Deutsche Post made an attempt to establish a legally secure signature for signatures on the Internet. In any case, this one procedure did not become established as a standard. Today, there are a number of commercial providers offering digital signatures. The catch for private individuals is the price: For individuals, the cost-benefit ratio is still far from given. The free trial period offered by most digital signature providers doesn't help for long.

We can all continue to be curious about the direction in which the topic of electronic signatures will still develop. In the meantime, it is also worth taking another look back at the analog world of letters. The desire to protect the contents of a letter from unauthorized eyes has a long history. In the past, a letter intended to be read only by a specific person was sealed using wax seals or some other adhesive compound.

Scientists recently succeeded in reading such a sealed letter from 1697 with the help of a computer <> without breaking the seal. So when it comes to information security, there is often room for improvement.

Recent posts