What is the Electronic Signature and how is it generated? In the Commercial Code it is defined to the Electronic Signature as the data technologically associated with a Data Message, which is used to identify and represent the will of the signatories in relation to the content of said Data Message, so that the Electronic Signature produces the same legal effects as the signature autograph.
The Data Message can be understood as any document expressed digitally. It is not limited to any specific file format, audio or video recordings, multimedia files can be signed, although the most used formats are digitized texts in document format. The Data Message is expressly contemplated in Mexican legislation, specifically in the artículo 89 of the Commercial Code.
For the signing process to be carried out, the signer must identify himself through certificates that a Certification Authority or Certification Service Provider has generated.
The e signature in Mexico (formerly known as FIEL) is one of the most widely used Advanced Electronic Signatures today and counts as a valid certificate to generate an electronic signature. The SAT is the Certifying Authority that, through a personal interview, collection of documents and biometric data, gives each person a unique pair of keys so that they can generate their signatures.
The signature generation process has a standardized technological component that, through cryptographic algorithms, generates a text string called Electronic Signature.
At the same time that the signature is made, the date and time of the process (timestamp) is stamped, according to an atomic clock of the Ministry of Economy through a Certification Services Provider (PSC) . This process provides the legal effect of “Certain Date”.
As a result of the electronic signing process, a set of alphanumeric characters is created that does not make sense as a readable text at a glance, however, it represents the combination of the Data Message and the signers keys in a unique way and unrepeatable, as if it were a fingerprint.
Once all the signatories involved in the document have made the electronic signature individually, it is time for the DigitaFirma system to add to the document a Data Message Conservation Certificate (CCMD) that will be issued by a Certification Services Provider (PSC).
Basically this record contains six main elements according to NOM-151:
This certificate will be added by DigitaFirma at the end of the document, after the signature sheet and later it will be sent to each of the signers. This certificate allows the originality and integrity of the document to be accredited to third parties from the date, hour, minute and second of issuance of the Certificate.
The algorithms used to electronically sign documents also have mechanisms to validate the authenticity of this signature.
The operation of this process is very simple, since the minimum change in any of the components of the document would produce a data chain totally different from the original, and that allows DigitaFirma or any similar system to detect the validity of an electronic signature.
Since it is materially impossible for two different Data Messages to produce the same summary (hash) that, combined with the signers public and private keys, will be used to create the signature, it can be ensured that each document will produce a different signature and that this is safe.
Every time cryptographic algorithms become more sophisticated to remain distant from vulnerabilities that put the information that has been encrypted with this algorithm at risk. The Ministry of Economy, through its regulations, is the one who defines the algorithm to be used for the generation of Electronic Signatures, with SHA-2 being the current standard algorithm.
One of the characteristics of the Electronic Signature is its technological neutrality. This means that regardless of the system or application that has been used to create the signature of a document, this signature can be validated in any other. Thus, a document signed electronically in DigitaFirma can be validated in any other application that is aligned with the standard published by the Ministry of Economy.
