Editing Electronic signature (section)

==Technological implementations (underlying technology)==
=== Digital signature ===
{{further|Digital signature}}
[[Image:Digital Signature diagram.svg|thumb|right|280px|A diagram showing how a digital signature is applied and then verified]]
Digital signatures are [[Cryptography|cryptographic]] implementations of '''electronic signatures''' used as a proof of [[authenticity (philosophy)|authenticity]], [[data integrity]] and [[non-repudiation]] of communications conducted over the [[Internet]]. When implemented in compliance to digital signature standards, digital signing should offer end-to-end privacy with the signing process being user-friendly and secure. Digital signatures are generated and verified through standardized frameworks such as the [[Digital Signature Algorithm]] (DSA)<ref name=CryptomathicDigSigServicesAshiqJA /><ref name="NIST_DigitalSignatureStandardDSS" /> by [[NIST]] or in compliance to the [[XAdES]], [[PAdES]] or [[CAdES (computing)|CAdES]] standards, specified by the [[ETSI]].<ref name="Turner_Diff-Electronic-Digital-Sig">{{cite web|last1=Turner|first1=Dawn M.|title=THE DIFFERENCE BETWEEN AN ELECTRONIC SIGNATURE AND A DIGITAL SIGNATURE|url=http://www.cryptomathic.com/news-events/blog/the-difference-between-an-electronic-signature-and-a-digital-signature|publisher=Cryptomathic|access-date=21 April 2016|archive-date=May 8, 2016|archive-url=https://web.archive.org/web/20160508200451/http://www.cryptomathic.com/news-events/blog/the-difference-between-an-electronic-signature-and-a-digital-signature|url-status=live}}</ref>

There are typically three algorithms involved with the digital signature process:
* Key generation – This algorithm provides a private key along with its corresponding public key.
* Signing – This algorithm produces a signature upon receiving a private key and the message that is being signed.
* Verification – This algorithm checks for the message's authenticity by verifying it along with the signature and public key.<ref name="Turner-what-is-a-digsig">{{cite web|last1=Turner|first1=Dawn|title=What is a digital signature - what it does, how it work|url=http://www.cryptomathic.com/news-events/blog/what-is-a-digital-signature-what-it-does-how-it-works|publisher=Cryptomathic|access-date=7 June 2016|archive-date=February 9, 2016|archive-url=https://web.archive.org/web/20160209203857/http://www.cryptomathic.com/news-events/blog/what-is-a-digital-signature-what-it-does-how-it-works|url-status=live}}</ref>

The process of digital signing requires that its accompanying public key can then authenticate the signature generated by both the fixed message and private key. Using these cryptographic algorithms, the user's signature cannot be replicated without having access to their private key.<ref name="Turner-what-is-a-digsig" /> A [[secure channel]] is not typically required. By applying asymmetric cryptography methods, the digital signature process prevents several common attacks where the attacker attempts to gain access through the following attack methods.<ref name=Cryptomathic_WHATISADIGITALSIGNATURE>{{cite web|last1=Turner|first1=Dawn|title=What is a Digital Signature - What It Does, How It Works|url=http://www.cryptomathic.com/news-events/blog/what-is-a-digital-signature-what-it-does-how-it-works|publisher=Cryptomathic|access-date=7 January 2016|archive-date=February 9, 2016|archive-url=https://web.archive.org/web/20160209203857/http://www.cryptomathic.com/news-events/blog/what-is-a-digital-signature-what-it-does-how-it-works|url-status=live}}</ref>

The most relevant standards on digital signatures with respect to size of domestic markets are the [[Digital Signature Algorithm|Digital Signature Standard (DSS)]]<ref name=NIST_DigitalSignatureStandardDSS>{{cite web|title=FIPS PUB 186-4: Digital Signature Standard (DSS)|url=http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf|publisher=National Institute of Standards and Technology|access-date=7 January 2016|archive-date=December 27, 2016|archive-url=https://web.archive.org/web/20161227093019/http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf|url-status=live}}</ref> by the [[National Institute of Standards and Technology]] (NIST) and the [[eIDAS]] Regulation<ref name=eIDAS_Reference>{{cite web|title=REGULATION (EU) No 910/2014 of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC|url=http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG|publisher=THE EUROPEAN PARLIAMENT AND OF THE COUNCIL|access-date=7 January 2016|archive-date=January 15, 2018|archive-url=https://web.archive.org/web/20180115001229/http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG|url-status=live}}</ref> enacted by the [[European Parliament]].<ref name=Cryptomathic_MajorStandardsDigSig />  [[OpenPGP]] is a non-proprietary protocol for email encryption through [[public key cryptography]]. It is supported by [[Pretty Good Privacy|PGP]] and [[GnuPG]], and some of the [[S/MIME]] [[IETF]] standards and has evolved into the most popular email encryption standard in the world.<ref name=OpenPGPAllianceReference>{{cite web|title=Welcome to The OpenPGP Alliance|url=http://openpgp.org/|publisher=OpenPGP Alliance|access-date=7 January 2016|archive-date=January 11, 2016|archive-url=https://web.archive.org/web/20160111032333/http://openpgp.org/|url-status=live}}</ref>

===Biometric signature===

An electronic signature may also refer to electronic forms of processing or verifying identity through the use of biometric "signatures" or biologically identifying qualities of an individual. Such signatures use the approach of attaching some biometric measurement to a document as evidence. Biometric signatures include fingerprints, [[hand geometry]] (finger lengths and palm size), [[iris recognition|iris patterns]], [[speaker recognition|voice characteristics]], retinal patterns, or any other human body property. All of these are collected using electronic sensors of some kind.

Biometric measurements of this type are useless as [[passwords]] because they can't be changed if compromised. However, they might be serviceable, except that to date, they have been so easily deceived that they can carry little assurance that the person who purportedly signed a document was actually the person who did. For example, a replay of the electronic signal produced and submitted to the computer system responsible for 'affixing' a signature to a document can be collected via wiretapping techniques.{{citation needed|date=August 2020}} Many commercially available fingerprint sensors have low resolution and can be deceived with inexpensive household items (for example, [[gummy bear]] candy gel).<ref>{{cite conference |citeseerx=10.1.1.100.8172 |title=Impact of artificial gummy fingers on fingerprint systems |author=Matsumoto |date=2002|book-title=Proceedings of SPIE |pages=275–289}}</ref> In the case of a user's face image, researchers in Vietnam successfully demonstrated in late 2017 how a specially crafted mask could beat [[Apple Inc.|Apple's]] [[Face ID]] on [[iPhone X]].<ref name="BkavBkav17">{{cite web |url=http://www.bkav.com/news-in-focus/-/view_content/content/103968/bkav%E2%80%99s-new-mask-beats-face-id-in-twin-way-severity-level-raised-do-not-use-face-id-in-business-transactions |title=Bkav's new mask beats Face ID in "twin way": Severity level raised, do not use Face ID in business transactions |work=News In Focus |publisher=Bkav Corporation |date=27 November 2017 |access-date=8 May 2018 |archive-date=May 8, 2018 |archive-url=https://web.archive.org/web/20180508221113/http://www.bkav.com/news-in-focus/-/view_content/content/103968/bkav%E2%80%99s-new-mask-beats-face-id-in-twin-way-severity-level-raised-do-not-use-face-id-in-business-transactions |url-status=live }}</ref>