Introduction When a message is sent or a file is shared, the sender wants to make sure that the message remains unchanged on its way to the recipient. Also, the recipient wants to make sure that the message is coming from the sender and not from someone else. That is to say, we need to

• ensure the integrity of the message being sent, or file being shared, as well as to
• ensure the authenticity of the person who sends the message, or shares the file

You may also want to send an encrypted message that can only be decrypted and opened by one person (for whom the message is intended), but here we will focus on the two items outlined above. This is what a digital signature is for - it is to be (virtually) attached to the message being sent or the file being shared in order to verify the identity/authentication of both the message and its sender. To achieve this we will use the RSA algorithm for asymmetric cryptography. The RSA algorithm includes a key pair consisting of a public key and a private key that correspond to each other. One is used to digitally sign a message or file and the other one is used to verify the digital signature. The public key is publicly available and known to everyone. The private key is assigned to one particular party being an individual, company or organization. Unlike the public key, the private key must be kept secret and must not be exposed or shared online. One of the great examples of using a digital signature is creating a digital business card. Combined with electronic signatures, these business cards are used to introduce companies and individuals to the business world and connect with other cardholders within the same or related business area. Confirm the identity and authenticity RSA is primarily intended for data encryption, but it is also used for creating and verifying digital signatures. Basically, digital signing works as follows:

• Each message that you send (or file that you share) must be signed and encrypted with your private key
• The received message must match the sent message, ensuring that it has not been modified in the meantime
• The only way to decrypt the sent message is by using the related public key, which the intended recipient of the message can access

How important is digital file signing It is necessary that some kind of public verification process for the files that you want to share is enabled too. Each file should be therefore accompanied by a certificate of ownership containing a cryptographic digital signature to ensure data integrity. Signing data with a digital signature allows anyone to verify the identity/authentication of both the shared file and its sender. Digital file signing is done by a software tool on our end - all you have to do is type in some metadata, specify your RSA key pair (or use one of ours) and send a file supposed to be signed. The whole process will take less than a minute and will result in the creation of a digital signature and corresponding certificate of ownership containing your name, email, date and time of issue, as well as the digital signature itself and other data stored in a barcode that can be quickly and easily decoded, read or scanned. The advantage of owning your RSA key pair There are two options when it comes to using the RSA keys:

• you can use a key pair available for free in our app, or
• you can generate your own pair od keys and use that one to sign your documents and verify signatures

The default keys will also accomplish the mission, but these keys are the same for all app users and for all digital signatures they create. If you want to create and verify an unlimited number of uniquely generated digital signatures, obtaining your own key pair is now the only option left to consider. How to create a digital signature and sign a file

• You must provide the private key used to sign the data (unless you use a private key provided by default, yet it is strongly recommended that you have your own RSA key pair)
• You must provide basic information about the file (title, author's name, company name) and this information will be stored in a QR code along with the digital signature itself
• Finally, you need to upload the file that the digital signature will be created upon
• Once the task is completed, you will be able to download your certificate of ownership

How to verify a digital signature

• You must provide the public key of the party that signed the data (unless you use a public key provided by default, yet it is strongly recommended that you have your own RSA key pair)
• You must provide the digital signature used to sign the data (it is different for every file and is available on the certificate of ownership's cover)
• Eventually, you must come into possession of the signed file or the message itself as originally sent by the signer
• Once the task is completed, you will be notified whether the digital signature is valid or not

Certificate of ownership vs. trusted C.A. signed certificate A certificate of ownership is meant to prove the ownership of the file with a digital signature attached to it. It is issued by a company that enables you to produce digital signatures and sign documents with them. A trusted CA signed (SSL) certificate is issued by a "certification authority" or a "trusted third party" approved to administer "trusted certificates". So, what is the difference between these two? Why is a digital signature called a "self-signed certificate", while the other one is "trusted"? Which one is better to go with? Technically, there is no difference. Encryption is encryption and a signature is a signature. Maths is maths. However, a "self-signed" one is unlikely to be recognized, for example, when a website is opened, or software is downloaded. This is a general rule which we must be aware of. If you intend to obtain a certificate for your website, you'd better look for a "trusted" SSL certificate in order to prevent the web browser from displaying warnings to your website visitors. Such warnings could distract visitors from opening your website. On the other hand, if your partners and customers trust your company and your business, you simply need to provide a digital signature and verify your identity and the authenticity of the files you share with them. Furthermore, your partners and customers expect to use your encryption and RSA key pair rather than a certificate from someone else. Another thing, very important - the certificate of ownership issued by our company confirms that you are legally connected to the document you signed with a digital signature and it cannot be replaced by any other certificate created by a "trusted third party". Please note that these certificates are not interchangeable.