State of Kansas Information Technology Identity Management

PKI General Information

VeriSign PKI and Authentication Services Tour and Demo's - Website

CIVICS.com - "Designing e-systems to support & reflect your strategy" - Website

Digital Signature Whitepaper "Understanding Digital Signature and Public Key Infrastructure - Word Document

"The State of Kansas Digital Certificate Implementation is a shining example of how state agencies can work together with a single focus and achieve great things."

Lisa Jones
General Manager - Kansas.gov

PKI General Information

PKI DOES

PKI DOES NOT

A digital signature is not a digital picture of your signature. A digital signature is a method of linking your exclusive identity to an electronic document or transaction to accomplish what your written signature accomplishes on a paper document. According to the American Bar Association, a signature accomplishes several functions including but not limited to evidence, ceremony and approval of a writing.

A digital signature can be used to provide both signer and document authentication. Signer authentication is the ability to identify the person who digitally signed the document. Signer authentication protects against non-repudiation, meaning a signer cannot deny they signed a document or transaction. Document authentication ensures the information was not altered after it was digitally signed.

The need for digital signatures

When electronic documents are used to support a business or legal transaction, these documents may require a signature as an endorsement or authentication to be considered ?official? or ?authorized.?

Until now, when a signature was desired or required, electronic documents had to be converted to paper. Paper documents create a variety of problems that affect both the flexibility and speed of transactions. It also creates retention issues because the conversion to paper requires management of paper documents for their official life. With proper planning, the retention of electronic documents may occur automatically with the transaction. The nature of the transaction these documents support has not changed, but the environment in which the transaction is made is changing.

How digital signatures work

When a certificate holder applies a digital signature to information, the holder?s private key is used to create a hash value (character string) exclusive to the combination of their signature and the specific information. The certificate holder?s public key is available to the intended receiver (who also has a digital certificate) so the receiver can verify the information.

If the information was altered in any way, this hash value would not match and the information would be invalid and (in effect) lose the signature. Because it is impossible to derive one key (public or private) from having the other, a digital signature has great integrity. Consequently, it is more acceptable than other types of electronic signatures.