I'm curious about how to determine if a digital signature created using someone else's information is forged. For example, if Timothy signs a document using Ryan's info instead of his own, is there any way to know if that signature actually came from Ryan?
1 Answer
The way digital signatures work is designed to prevent forgery. Essentially, a digital signature is tied to a cryptographic signature that only the actual owner's device can generate. So if Timothy used Ryan's info to sign something, it doesn't automatically mean he used Ryan's digital certificate, unless he had access to Ryan’s computer or account. That said, while you can't confirm the identity of the signer just by looking at their name, you can check the signing certificate associated with that signature.
That's kinda unsettling if anyone can just create a signature with their boss's details and sign off on documents!
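The check the answer describes, as an added example that is not part of the original thread: a verifier ignores the typed name and tests whether the signature verifies under the key it already trusts for Ryan. It assumes Ed25519 keys and a pinned key fingerprint standing in for a validated signing certificate; `SignedDoc`, `Check` and `Demo` are hypothetical names, and all keys and documents are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// SignedDoc is a constructed container: SignerName is only a label, PublicKey is what the signature verifies under.
type SignedDoc struct {
	Body       []byte
	SignerName string
	PublicKey  ed25519.PublicKey
	Signature  []byte
}

func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Check returns "valid", "bad-signature" or "untrusted-key".
func Check(doc SignedDoc, trusted map[string]string) string {
	if len(doc.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(doc.PublicKey, doc.Body, doc.Signature) {
		return "bad-signature"
	}
	if trusted[doc.SignerName] != fingerprint(doc.PublicKey) {
		return "untrusted-key" // signature is sound, but not made with the named person's key
	}
	return "valid"
}

// Demo builds constructed keys and documents and returns the three verdicts.
func Demo() (genuine, impersonated, tampered string) {
	ryanPub, ryanPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	timPub, timPriv, _ := ed25519.GenerateKey(nil)
	trusted := map[string]string{"Ryan": fingerprint(ryanPub)} // obtained out of band
	body := []byte("Approve purchase order 17")
	genuineDoc := SignedDoc{body, "Ryan", ryanPub, ed25519.Sign(ryanPriv, body)}
	// Timothy types Ryan's name but can only sign with his own private key.
	fake := SignedDoc{body, "Ryan", timPub, ed25519.Sign(timPriv, body)}
	// Reusing Ryan's real signature on altered content fails verification.
	edited := SignedDoc{[]byte("Approve purchase order 71"), "Ryan", ryanPub, genuineDoc.Signature}
	return Check(genuineDoc, trusted), Check(fake, trusted), Check(edited, trusted)
}

func main() { fmt.Println(Demo()) }
```

The impersonated document fails only because the verifier compares the key against one it already trusts for Ryan; a verifier that reads the name alone would accept it.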