Digital signature is an innovation that has been proven to be highly useful. Digital signature is particularly favored among companies that are looking for more efficient and less costly solutions to scale up their business. But how does digital signature work? What makes them more secure than a traditional handwritten signature, and what is their legal standing according to Indonesia’s laws? Our legal technologist manager discusses with Hukum Online experts to answer these questions.
Digital Signature is created with two technologies
According to Harzy Randhani Irdham, PrivyID’s Legal Technologist Manager, digital signature is made with asymmetric cryptography using public key infrastructure (PKI).
Public key infrastructure is a technology that sets a pair of keys for each digital signature user. With PKI, each user owns a private key which is made uniquely for each individual, and a public key, which is their private key’s mathematically-related key pair. When a user digitally-signs an electronic document, their public key is attached to an electronic certificate along with the electronic document that has been encrypted using the user’s private key. The private key is only known and controlled by signer, while the public key is used to validate their digital signature.
Public key infrastructure gives high assurance for digital signature security because the system is built in a secure way so there cannot be multiple same keys. This technology allows digital signature users to detect any changes made to the electronic document after that document has been signed, while at the same time ensures that each electronic certificate only belongs to one individual.
A regular PDF reader software can check whether the electronic information encrypted with the digital signature has the same hash value with the original information. The integrity of electronic documents can be guaranteed if the hash value is the same. Whereas, if the hash value is different, would mean that some changes had been applied after the electronic document is signed.
Also read: Mengenal Tanda Tangan Digital Lebih Jauh
Is digital signature legally-binding in Indonesia?
According to Indonesia’s Law No. 11/2008 on Information and Electronic Transactions (ITE), a digital signature has the same legal power and consequences as a traditional handwritten signature, as long as that digital signature satisfies a number of conditions.
One of the conditions stated is that the creation of digital signature requires at least two-factor authentication to be considered legally-binding. This requirement is needed to ensure the person who signs documents is the same individual whose identity is stated in the electronic certificate. To implement this requirement, a legally-binding digital signature service provider would request you to sign in using your email and asks you to submit a one time password (OTP) or biometric authentication before you can sign the document.
Furthermore, as stipulated under Government Regulation (PP) No. 82/2012, Indonesia classifies digital signature into two categories: 1) uncertified digital signature, and 2) certified digital signature. Regulations concerning on who can be a certificate authority and what it takes to classify as one is further regulated by Indonesia’s Ministry of Communication and Informatics (KEMENKOMINFO).
Read the full article here