Electronic signatures are a digital representation of an individual’s agreement, intended to be the equivalent of a “wet” signature. They encompass a set of methods that can be applied to a digital document to capture both intent to sign and consent to sign electronically. They do this by electronically gathering metadata related to all signing events and creating an audit trail that is cryptographically sealed to ensure the authenticity, nonrepudiation and integrity of the electronically signed document. This audit trail may also contain supporting evidence about the individuals signing the document, such as names, email addresses, identity proofing and authentication steps. Evidence details may vary with each product, but the audit trail provides evidence to support the legal value of the document. A digital signature (as it relates to document signing) is a type of electronic signature that, in addition to meeting the requirements of an electronic signature, requires each signer to sign the document with a digital certificate that is explicitly issued to them.
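As an added illustration (not taken from any product described here), the Python code below shows one way a signing audit trail can be made tamper-evident: each event is hash-chained to the document and to the previous event, and the chain is then sealed. The event fields, key and function names are constructed, and the HMAC seal is a stand-in assumption for the certificate-based seal a product would apply; an HMAC demonstrates integrity only, not nonrepudiation.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used before the first event

def chain_digest(prev_hash, record):
    # Canonical JSON so the same record always hashes to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def build_trail(document, events, seal_key):
    """Bind every signing event to the document and to the previous event, then seal."""
    doc_hash = hashlib.sha256(document).hexdigest()
    entries, prev = [], GENESIS
    for event in events:
        record = dict(event, doc_sha256=doc_hash)
        prev = chain_digest(prev, record)
        entries.append({"event": record, "hash": prev})
    # Assumption: HMAC stands in for the signature a sealing certificate would produce.
    seal = hmac.new(seal_key, prev.encode(), hashlib.sha256).hexdigest()
    return {"entries": entries, "seal": seal}

def verify_trail(document, trail, seal_key):
    """Return (ok, reason); reason names the first check that failed."""
    doc_hash = hashlib.sha256(document).hexdigest()
    prev = GENESIS
    for i, entry in enumerate(trail["entries"]):
        if entry["event"].get("doc_sha256") != doc_hash:
            return False, f"entry {i}: document hash mismatch"
        prev = chain_digest(prev, entry["event"])
        if not hmac.compare_digest(prev, entry["hash"]):
            return False, f"entry {i}: event altered or reordered"
    expected = hmac.new(seal_key, prev.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, trail["seal"]):
        return False, "seal mismatch"  # also catches entries dropped from the end
    return True, "ok"

# Constructed sample data (not real signers, keys or documents).
DOCUMENT = b"Constructed sample agreement text, v1"
SEAL_KEY = b"constructed-demo-key"
EVENTS = [
    {"action": "consent_to_esign", "name": "Alex Example",
     "email": "alex@example.com", "auth": "email_otp", "time": "2024-01-01T10:00:00Z"},
    {"action": "signed", "name": "Alex Example",
     "email": "alex@example.com", "auth": "email_otp", "time": "2024-01-01T10:02:00Z"},
]
TRAIL = build_trail(DOCUMENT, EVENTS, SEAL_KEY)

if __name__ == "__main__":
    print(verify_trail(DOCUMENT, TRAIL, SEAL_KEY))
```

Verification fails if any event field is edited, if events are reordered or dropped, or if the trail is presented with a different document.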
Public-key infrastructure (PKI) is a foundational infrastructure component used to securely exchange information using digital certificates. It is built into all browsers to protect traffic across the public internet, and organizations use it to secure their business environment. Organizations generally use public-key cryptography and X.509 certificates for authentication and for verifying the ownership of a public key. PKI and certificate lifecycle management (CLM) software allows for end-to-end lifecycle management of these certificates. CLM includes enrollment, validation, deployment, revocation, and renewal of certificates to provide uninterrupted service. Fundamentally, security and risk management technical professionals use PKI and CLM software to manage risks. The software can alert and notify admin users when certificates are expiring or are out of policy compliance. The software also provides capabilities to discover, assign ownership of, and report on the organization’s usage of certificates from multiple CAs.