Hello, my dear readers, like every Wednesday I come to talk to you about the challenges present in cyberspace.

This time we have an essential issue for the much-needed digital transformation of our society. The digital signature is an increasingly used resource in the business, administrative and personal spheres, as it offers multiple advantages for the management of electronic documents. Among them, the following stand out:

  • Security:

    Guarantees the identity of the signer, the integrity of the document and the non-repudiation of the signature. Furthermore, it is based on international standards and legal regulations that give it legal validity.

  • Savings:

    This reduces costs associated with paper, printing, shipping and storing documents. It also streamlines processes and avoids human errors.

  • Convenience:

    Allows you to sign documents from any place and device, without the need to travel or wait. It also facilitates access and consultation of signed documents.

  • Sustainability:

    Contributes to the protection of the environment, by reducing the consumption of natural resources and the generation of waste.

A digital signature is a mechanism that guarantees the authenticity, integrity and non-repudiation of an electronic document. That is, it allows us to ensure that the document comes from whoever claims to be the author, that it has not been modified and that its authorship cannot be denied.

In general terms, a digital signature scheme offers a cryptographic analogue of handwritten signatures that, in fact, provides much more certain and encouraging security guarantees. These constitute a powerful tool and are currently accepted as legally binding in several countries around the world; They can be used to certify contracts and legalize a large number of documents. In turn, they also enable the secure distribution and transmission of public keys and therefore, in a very real sense, serve as the basis for all public key cryptography.

PKI (public key infrastructure) is a system that allows data to be encrypted and signed through the use of digital certificates. Digital certificates are electronic documents that prove the identity of a person or entity and that contain a pair of keys: one public and one private.

The public key can be shared with anyone who wants to communicate with the certificate holder, while the private key must be kept secret and known only to the certificate holder. The public key is used to encrypt the data that is sent to the certificate holder, and the private key is used to decrypt it. In this way, the confidentiality of the communication is guaranteed. The first is used to verify the digital signature of the certificate holder, and the second is used to generate it. The digital signature is a code that is added to an electronic document and that demonstrates that the document comes from the holder of the certificate and that it has not been altered. In this way, the authenticity and integrity of the document is guaranteed.

The PKI works through the intervention of a certification authority (CA), which is a trusted entity that issues and validates digital certificates. The CA verifies the identity of the certificate requester and assigns him or her a key pair. The CA also signs the certificate with its own private key, so that anyone who receives the certificate can verify that it was issued by the CA.

PKI also implies the existence of a certificate revocation registry (CRL), which is a list of certificates that have been canceled or have expired and are no longer valid. The CRL is updated periodically and can be queried to verify the status of a certificate.

This entire process in Cuba is highly legislated today. Through Decree-Law No. 370, “On the computerization of society in Cuba”, and Resolution 23/2022, “General rules for the establishment and use of digital signature services for electronic documents based on cryptographic devices and techniques ”, from the Ministry of the Interior, the principles and requirements for the use of digital certificates of the national public key infrastructure are established. The decree-law recognizes the legal validity of digitally signed documents and equates them to handwritten signed documents. Likewise, the aforementioned resolution establishes the following stages for the conception of this service:

  • Creation of the digital signature:

    process by which an official, using the private encryption key assigned to him and the defined cryptographic procedures, executes a digital signature on an electronic document;

  • Creation of the stamping of the electronic seal:

    process by which a designated official, using the private key assigned to him for the specific fulfillment of this task and the defined cryptographic procedures, stamps on an electronic document, which may be previously digitally signed by its author , the seal, also electronic, of the entity; and

  • Verification of the validity of the digital signature and electronic seal:

    process by which a recipient who receives a digitally signed electronic document, electronically minted or not, can execute, using secure techniques connected to networks or outside them, the verification of its validity, authentication and integrity, using the public key digital certificates of the sender, the stamper or both.

  • In order to use the digital signature, it is necessary to have an electronic certificate, which can be obtained in different ways, depending on the type of user and the level of security required. The digital signature in Cuba can be obtained through different entities authorized by the Ministry of the Interior, such as Softel, Xetid, Datys, Tecnomática and Segurmática. The latter recently celebrated its 29th anniversary guaranteeing the safety of its clients. As an example of its application, through these companies digital certificates are issued to taxpayers who need to carry out procedures with the National Tax Administration Office (ONAT). Likewise, they implement various tools that offer good usability when signing documents, such as

    e-Firma

    , an application for mobile devices developed by Softel and available in the Application Center for Android devices ( Apklis).

    The digital signature in Cuba is a tool that facilitates the computerization of society and the economy, and that offers security, savings, comfort and sustainability to users. However, there are limitations and challenges to its diversification, which in some cases may be technological, training and, above all, resistance to change. Therefore, it is necessary to continue working to improve the conditions that allow better use of this technology.

    That's all for today, we will meet again next week to continue, here at Safe Code, talking about the challenging world of cybersecurity.