Learn the difference between electronic signatures and digital signatures.
An electronic signature is the equivalent of your handwritten signature, and can be used to confirm content within a document, or the terms of a particular document. It is considered to be legally binding in most countries.
A digital signature is the electronic equivalent of adding a notarized signature to a document. It is an electronic, encryption-based, secure stamp of authentication on a message. It confirms that the message originated from the signer and has not been altered. UB employees may request a digital signature for business purposes only.
To fully trust the signature, the certificate used to sign the message must be vouched for. The vouching process adds an extra level of trust to the signature on the message. In some cases, the certificate is automatically vouched for by the company it’s purchased from. In other instances, the certificate must be vouched for by people who already hold confirmed certificates. Trust is transferred from one person to the next.
A digital signature for email allows you to prove to the recipient of your email that you were, in fact, the person that sent the email and encrypt the email for added security. Your digital signature includes your certificate and public key.
Certificates can not only be used for digital signatures, but they can also be used to encrypt an email message. Keep in mind that both the sender and receiver must already have a digital certificate in place prior to sending encrypted email. Encrypting a message ensures privacy by converting an email from plain, readable text into cipher (scrambled) text. Only the recipient, who has a private key to match the public key used to encrypt the message, can decipher it. This is a separate process from digitally signing a message.
Certificates are a digital means of proving your identity, using a public and private key pair. The private key is kept on a computer that the sender will use to digitally sign messages to recipients, and decrypt (unlock) messages from recipients. Private keys should be password protected. The public key is sent to others or published in a directory, so that others can use it to send you encrypted messages.
If you’re a researcher at UB working with Department of Defense (DoD) grants, you may be required to obtain a certificate (known as an “ECA Certificate”) from the DoD-approved vendor, IdenTrust in order to process your grant. Follow their step-by-step instructions, the process of obtaining this certficate is complex.