Signing files

Stormshield Data Sign makes it possible to electronically sign documents. Digital signatures are based on a Public Key Infrastructure (PKI) and are the result of a cryptographic operation.

Stormshield Data Sign makes it possible to guarantee the authenticity of signers’ identities and the integrity of what these files contain.

In addition, signing a document with Stormshield Data Sign can be considered a commitment, in the same way as a written signature.

When a user signs a file with Stormshield Data Sign:

  • The unique fingerprint of the document is created using a mathematical algorithm
  • The document fingerprint is signed using the user's private key and is combined with their public key and certificate to create a unique digital signature which is appended to the file.

Stormshield Data Sign puts the signed file in a new file that has the same name as the original file but with a different extension. The signed document is sealed, and any change made to it after it has been signed invalidates the signature, thereby protecting against signature forgery and information tampering.

When you check a signed document using Stormshield Data Sign:

  • The signature of the sender is verified using the public key of the sender and the original document fingerprint is extracted. Then Stormshield Data Sign calculates the fingerprint of the received data and compares it to the original one previously extracted. If both fingerprints are the same, the document integrity is validated.
  • The authenticity and validity of the sender's certificate, and therefore its signature, are validated using the Certificate Revocation List (CRL).
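The signing and checking steps described above can be followed end to end in the model below. It is an added example, not Stormshield code and not the product's file format. It assumes SHA-256 as the fingerprint algorithm, unpadded RSA with a constructed teaching key, a hypothetical dictionary layout for the signed file, and a CRL reduced to a set of revoked serial numbers.

```python
import hashlib

# Constructed teaching key built from two Mersenne primes. It is NOT secure:
# real keys use random primes and real signatures use padding such as RSA-PSS.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, known to the signer only


def fingerprint(data: bytes) -> int:
    """Fingerprint of the document (SHA-256 is an assumption of this example)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, cert_serial: int) -> dict:
    """Sign the fingerprint with the private key and attach it to the content."""
    return {
        "content": data,
        "signature": pow(fingerprint(data), D, N),
        "public_key": (N, E),
        "cert_serial": cert_serial,      # stands in for the signer's certificate
    }


def verify(signed: dict, revoked_serials: set) -> str:
    """Check integrity first, then the certificate's revocation status."""
    n, e = signed["public_key"]
    # The public key recovers the fingerprint that the signer computed.
    original_fp = pow(signed["signature"], e, n)
    # Recompute the fingerprint of the data actually received and compare.
    if original_fp != fingerprint(signed["content"]):
        return "integrity failure"
    # Modelled CRL lookup. Validating the certificate chain up to a trusted
    # authority is also required in practice and is omitted here.
    if signed["cert_serial"] in revoked_serials:
        return "certificate revoked"
    return "valid"


if __name__ == "__main__":
    doc = sign(b"Purchase order 42: 10 units", cert_serial=1001)  # constructed sample
    print(verify(doc, revoked_serials=set()))
    print(verify(dict(doc, content=b"Purchase order 42: 99 units"), set()))
    print(verify(doc, revoked_serials={1001}))
```

The three calls at the end cover an untouched file, a file modified after signing, and a file whose signing certificate appears on the revocation list.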

For more information on how to configure Stormshield Data Sign in SDMC, refer to the SDS Enterprise Administration guide.

Refer to the following sections on how to use Stormshield Data Sign.