How to tell if a digital signature is trustworthy

Digital signatures play a central role in software security, especially in deciding whether code such as a macro should be allowed to run on your computer. This article explains what a digital signature is, and how you can check whether a digital signature is trustworthy.
What is a digital signature?
A digital signature is used to authenticate (authenticate: The process of verifying that people and products are who and what they claim to be. For example, confirming the source and integrity of a software publisher's code by verifying the digital signature used to sign the code.) digital information, such as documents, e-mail messages, and macros, by using public-key cryptography: the signer produces the signature with a private key that only they hold, and anyone with the matching public key, which is distributed in the signer's certificate, can verify it.

Digital signatures help to establish the following assurances:

Authenticity: The digital signature helps to assure that the signer is who they claim to be, because only the holder of the private key that matches the public key in the certificate could have produced the signature.

Integrity: The digital signature helps to assure that the content has not been changed or tampered with since it was digitally signed; any change to the signed content, however small, causes the signature check to fail.

Non-repudiation: The digital signature helps to prove to all parties the origin of the signed content. "Repudiation" refers to the act of a signer's denying any association with the signed content. This assurance holds only as long as the private key stays under the signer's sole control.

To make these assurances, the content must be digitally signed by the content creator, using a signature that satisfies the following criteria: 


The digital signature is valid (valid: The signature verifies correctly under the public key in the signer's certificate, which shows that the content has not been altered since it was signed, and the certificate, when checked against the certification authority's records, is legitimate, current, and neither expired nor revoked. Documents signed by such a certificate and not altered since signing are considered valid.).

The certificate (certificate: A digital means of proving identity and authenticity. Certificates are issued by a certification authority, and like a driver’s license, can expire or be revoked.) associated with the digital signature is current (not expired). 

The signing person or organization, known as the publisher, is trusted (trusted publisher: The developer of a macro that is trusted by you on your computer. The trusted publisher is identified by the certificate that they used to digitally sign the macro. Also known as a trusted source.). 

The certificate associated with the digital signature is issued to the signing publisher by a reputable certificate authority (CA) (certificate authority (CA): A commercial organization that issues digital certificates, keeps track of who is assigned to a certificate, signs certificates to verify their validity, and tracks which certificates are revoked or expired.).
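The four criteria above are exactly the checks a verifier performs in code. The following Go program is an added example, not code from the original article or from Microsoft Office: it builds a constructed public-key infrastructure (a trusted CA, a rogue CA, and several publisher certificates with invented names such as "Example Trusted CA" and "Contoso Macros"), signs a constructed macro body, and then runs the checks in order: signature valid, certificate current, issued by a trusted CA, and publisher trusted. It uses only the Go standard library with ECDSA P-256 signatures; the map of certificate fingerprints stands in for an application's trusted-publisher store, and the check for revocation (CRL or OCSP) is deliberately left out and noted in a comment.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Sentinel errors, one per class of check, so callers can tell the failure modes apart.
var ErrBadSignature = errors.New("signature does not verify over the content")
var ErrCertificate = errors.New("certificate expired, not yet valid, or not issued by a trusted CA")
var ErrUntrustedPublisher = errors.New("publisher is not in the trusted-publisher list")

// Fingerprint identifies a certificate by the SHA-256 hash of its DER encoding.
func Fingerprint(c *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(c.Raw)) }

// VerifySignedContent applies the article's four criteria in order. roots is the CA store;
// trustedPublishers holds fingerprints of publisher certificates the user has chosen to trust.
func VerifySignedContent(content, sig []byte, signer *x509.Certificate, roots *x509.CertPool,
	trustedPublishers map[string]bool, now time.Time) error {
	// 1. Signature valid: the ECDSA/SHA-256 signature must verify over the content under the
	// public key in the signer certificate, so any change made after signing fails here.
	if err := signer.CheckSignature(x509.ECDSAWithSHA256, content, sig); err != nil {
		return fmt.Errorf("%w: %v", ErrBadSignature, err)
	}
	// 2 and 4. Certificate current and issued by a trusted CA: Verify checks the validity period
	// against now, the chain up to a root in roots, and the code-signing usage. It does not check
	// revocation; a real verifier must also consult a CRL or an OCSP responder.
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := signer.Verify(opts); err != nil {
		return fmt.Errorf("%w: %v", ErrCertificate, err)
	}
	// 3. Publisher trusted: a valid certificate only proves identity; trusting it is a separate decision.
	if !trustedPublishers[Fingerprint(signer)] {
		return ErrUntrustedPublisher
	}
	return nil
}

// must panics on error; in this demo a failure of key generation or encoding is not recoverable.
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }

// makeCert issues a P-256 certificate for name: self-signed (a root CA) when parent is nil,
// otherwise signed by parentKey so that it chains to parent.
func makeCert(name string, isCA bool, notBefore, notAfter time.Time, parent *x509.Certificate,
	parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))),
		Subject: pkix.Name{CommonName: name}, NotBefore: notBefore, NotAfter: notAfter, IsCA: isCA,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}
	}
	issuer, issuerKey := tmpl, key
	if parent != nil {
		issuer, issuerKey = parent, parentKey
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, issuerKey))
	return must(x509.ParseCertificate(der)), key
}

// DemoResults holds one verification outcome per constructed scenario (nil means all checks passed).
type DemoResults struct{ Genuine, Tampered, ExpiredCert, UnknownCA, UntrustedPublisher error }

// RunDemo builds a constructed PKI (a trusted CA, a rogue CA, four publisher certificates), signs a
// constructed macro body, and runs the checks against the genuine case and each failure mode.
func RunDemo() DemoResults {
	now, year := time.Now(), 365*24*time.Hour
	ca, caKey := makeCert("Example Trusted CA", true, now.Add(-year), now.Add(10*year), nil, nil)
	rogueCA, rogueCAKey := makeCert("Rogue CA", true, now.Add(-year), now.Add(10*year), nil, nil)
	good, goodKey := makeCert("Contoso Macros", false, now.Add(-time.Hour), now.Add(year), ca, caKey)
	expired, expiredKey := makeCert("Contoso Macros", false, now.Add(-2*year), now.Add(-year), ca, caKey)
	rogue, rogueKey := makeCert("Contoso Macros", false, now.Add(-time.Hour), now.Add(year), rogueCA, rogueCAKey)
	stranger, strangerKey := makeCert("Unknown Publisher", false, now.Add(-time.Hour), now.Add(year), ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	// The user has chosen to trust the "Contoso Macros" certificates but never the stranger's.
	trusted := map[string]bool{Fingerprint(good): true, Fingerprint(expired): true, Fingerprint(rogue): true}
	macro := []byte("Sub AutoOpen()\n    MsgBox \"constructed sample macro\"\nEnd Sub\n") // constructed content
	digest := sha256.Sum256(macro)
	// check signs the original macro with key, then verifies over presented (altered only when tampering).
	check := func(key *ecdsa.PrivateKey, cert *x509.Certificate, presented []byte) error {
		sig := must(ecdsa.SignASN1(rand.Reader, key, digest[:]))
		return VerifySignedContent(presented, sig, cert, roots, trusted, now)
	}
	return DemoResults{
		Genuine:            check(goodKey, good, macro),
		Tampered:           check(goodKey, good, append([]byte("' injected line\n"), macro...)),
		ExpiredCert:        check(expiredKey, expired, macro),
		UnknownCA:          check(rogueKey, rogue, macro),
		UntrustedPublisher: check(strangerKey, stranger, macro),
	}
}

func main() { fmt.Printf("%+v\n", RunDemo()) }
```

Running the program prints nil for the genuine macro and a distinct error for each of the four failure modes. The ordering matters: the expired-certificate case passes the signature check (the mathematics are unaffected by the calendar) and fails only at the certificate check, and the "Unknown Publisher" case passes every cryptographic and chain check and is rejected purely because the user never chose to trust that publisher, which is why a valid signature from a reputable CA is necessary but not sufficient.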