A Digital Signature is the equivalent of a physical signature in the digital world. As is the case with the validation of documents by a public service, in the same way it is necessary in some cases (e.g. public electronic tenders) to digitally sign the corresponding electronic files.
The Digital Signature aims to prove the authenticity of an electronic document, as would be the case with the validation of a document in physical form. With the use of the Digital Signature, it is proven that the electronic document was indeed created by the author who signs it, without being further altered.
In order to produce a valid Digital Signature, the use of a valid Qualified Digital Certificate is required in principle, as well as the supply of the appropriate reliable device for Secure Signature Creation Device (EDDY/usb token). Qualified Certificates are created and stored securely in it.
The Digital Signature is the mathematical "stamp" that proves the authenticity and integrity of the signed data. There are also Microsoft Office programs that provide the ability to electronically sign documents. However, be careful: This type of signature is not a valid and certified digital signature for the public.
Finally, the difference between "Digital Signature" and "digitized signature" should be emphasized. A digitized signature is nothing more than a simple image of a person's signature, usually digitally scanned or photographed, that is added to the end of a document. The digitized signature does not provide any kind of security and is not able to authenticate the sender of the document, since anyone can copy and use the image of a third person's signature.
An advanced Digital Signature cannot be replaced by an alternative type of signature, as it is based on a digital certificate, and contains the required characteristics in terms of its legal framework and substance. Placing any other form of signature (scanned, loosely stored, digitized, etc.) is a reason for exclusion from public electronic tenders.
Here are some basic facts about the Legal framework of Digital Signatures, which we believe will be useful to interested parties:
Greece has incorporated the Community Directive with the issuance of Presidential Decree 150/2001 Adaptation to Directive 1999/93/EC of the European Parliament and of the Council regarding the Community framework for electronic signatures (Government Gazette: 125 A'/25-6-2001 ). The relevant text is, for the most part, a faithful transfer of the corresponding references and provisions of the Directive. The P.D. 150/2001 sets the regulatory framework and harmonizes Greek with European law regarding electronic signatures.
In the same article it is defined that an advanced electronic signature or digital signature is an electronic signature that meets the following conditions: a) is uniquely linked to the signatory, b) is able to specifically and exclusively determine the identity of the signatory, c) is created by means, which the signatory may retain under their sole control and d) is linked to the data to which it refers in such a way that any subsequent alteration of said data can be detected.
A condition for the advanced electronic signature to be equated to a handwritten signature is that it is created by a secure signature creation device and is based on a recognized certificate (Article 3 § 1, Presidential Decree 150/2001). A secure signature arrangement is defined as one that is produced in accordance with the terms of Annex III entitled Ensuring reliability of signature generation.
In particular, it must be ensured that the signature generation data used to generate signatures is essentially provided only once and that it is private. It must also be ensured that this data cannot, with reasonable certainty, be derived from elsewhere, that it can be effectively protected by the legal signatory against its use by third parties, and that the signature is protected against forgery by means of modern technology.
A recognized certificate is defined by article 2 of the P.D. the electronic certificate issued by a certification service provider and which uniquely links the verification data of a signature (or public key) to a specific individual, following some basic conditions (Appendices I & IV of Decree 150/2001). The certification service provider is responsible for the accuracy of the above certificate (Article 3 § 1 P.D. 150/2001), which, when issued according to the terms of Annex I, is intended to contribute to establishing the authenticity of the advanced electronic signature.
The institutional framework of DIGITAL SIGNATURES can be found here.