Digital Signatures and What You Need to Know
Posted on May 21, 2024

How to Create a Digital Signature

Digital signatures are created using specialized platforms and devices provided by licensed certification authorities. Once created, the digital signature is attached to the electronic contracts that need to be signed.

In practice, digital signatures are rarely used for large and complex contract negotiations. Instead, they are primarily used for filing customs declarations, social insurance declarations, paying taxes online, issuing electronic invoices, or conducting transactions with banks and other online systems.

What Information Should a Digital Signature Contain?

A digital signature includes information such as:

• The name of the digital signature certification service provider.
• Business details such as tax identification number and company name.
• Related information, such as the serial number of the digital certificate, validity period, and the public key.

Characteristics of Digital Signatures

Digital signatures often come in the form of a USB device, also known as a USB Token. The owner's information is encrypted inside the USB. This hardware device is used to generate key pairs and store customers' data messages.

Strong Public Key Security: Digital signatures are based on the most advanced public key encryption technology, RSA. Each user has a key pair consisting of:

• Public Key: Used for verifying signatures.
• Private Key: Kept secret by the user for creating signatures.

This ensures high security for the signature owner and reduces the risk of misuse by unauthorized entities.

Digital Signing Process

After the digital signature is created, the private key is embedded into software applications. In these programs, the digital signature (DS) is linked to data messages and provides robust data security.

The signer, as the owner of the online signature, uses the private key to access and digitally sign documents. The signed data includes personal information, profile pictures, and other related data, confirming the integrity of the message.

Recipients of Digital Signatures

Recipients of digital signatures can include individuals, business organizations, social institutions, and government entities. Once the signature is sent, the recipient can use the digital certificate of the signer to verify the data. If the account is verified and the information is accurate, transactions can proceed. Digital signatures that include comprehensive information and images significantly assist in verifying data for transactions.

Legal Validity of Digital Signatures Under the Law

Digital signatures must be certified by recognized service providers and meet the following security requirements:

• Creation During Valid Certificate Period: The signature must be generated within the validity period of the corresponding digital certificate.
• Verification Using Public Key: The signature must be verifiable using the public key listed on the valid certificate.
• Key Pair Usage: The signature must be created using both the private key and the corresponding public key listed on the certificate issued by a competent authority.
• Private Key Control: The private key must remain under the sole control of the signer at the time of signing.

Currently, in Vietnam, there are 25 authorized digital signature providers for businesses. Enterprises can purchase digital signatures through agents of these providers.