Question

I am new to digital signatures and I got a small project that deals with digital signature certificates. I had a few doubts related to it, although there are loads of open-source projects.

1) I am guessing this is how it works (encrypting a few characters and then decrypting it to verify)?

2) If I encrypt a signature of my manager, do I encrypt his actual signature or his name?

3) What do I print on the paper that is printed after the signature? This name or the encrypted characters?

4) How does another person outside my office verify this signature?


Solution

Welcome to StackOverflow! Your question is very general. My answer is below but in the future, more specific questions are preferred.

In this answer, I'm assuming that you're talking about a person digitally signing documents, such as PDF or Word files using standard digital signatures, as described by the NIST Digital Signature Standard and other harmonized standards.

1) I am guessing this is how it works (encrypting a few characters and then decrypting it to verify)?

No, that's not how standard digital signatures work. See this source and others for an explanation.

2) If I encrypt a signature of my manager, do I encrypt his actual signature or his name?

Strictly speaking, a digital signature guarantees that the signer's digital certificate was used to sign the file/document and that the document was not modified since it was signed. So one answer to your question is that you create a digital certificate for your manager. The digital cert does NOT include a graphical representation of your manager's handwritten signature.

A document can be digitally signed by Fred without showing Fred's graphical signature on it. This is sometimes called an "invisible digital signature" since the document's visual appearance is not altered.

Practically speaking, people expect to see a visual representation of the signer's signature on documents that are digitally signed. This can be done by adding the graphical signature to the document and then digitally signing the document.

Some standards for digitally signing specific document formats explicitly support (optional) graphical signatures as a part of the digital signing process. This includes the PDF standard for adding digital signatures to PDF documents and the de facto standards for adding digital signatures to Word and Excel docs too.

3) What do I print on the paper that is printed after the signature? This name or the encrypted characters?

You, as a programmer, don't print anything on the paper! You use an API (there are many choices, including these), to digitally sign the document. You then use standard apps for printing the document. The apps need to understand and implement digital signatures.

If you use standard digital signatures, then a digitally signed file will usually be printed by off-the-shelf software. E.g., a digitally signed Word document will be printed by using the Word app. A digitally signed PDF document is usually printed by the free Adobe Reader app but can also be understood and printed by other apps such as Bluebeam, Adobe Acrobat, etc.

The (invisible) digital signature is not visible on a printed document. Only the visible graphical signature (if it was included in the signing process) will be visible.

4) How does another person outside my office verify this signature ?

For PDFs, they most often open the signed document in free Adobe Reader. (No add-on software is needed.) Adobe Reader will re-hash the document and compare its calculated hash with the digitally signed hash in the digital signature. That will prove that the document was not modified since it was signed.

Adobe Reader will also check if you trust the signer's digital cert (included with the document) by comparing it and its parents to the certificates in the computer's trust store. If the signer bought an (expensive) digital cert from a CA then the check will usually succeed.

Or you can create a self-signed digital certificate for your organization, and publish it on your web site and in third party directories. This is what most of my company's customers do. In this scenario, operating costs for your digital signing infrastructure are far lower (by orders of magnitude). But the document recipients need to do a one-time install of your organization's root certificate. In practice, this works fine.

Adobe Reader will also check timestamps, digital cert validity dates, the digital cert's Certificate Revocation List (CRL) and/or the CA's Online Certificate Status Protocol. Verifying a digital signature is complex.
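The verification steps the answer describes (re-hash the document, check the signature against the signer's certificate, chain that certificate to a root the recipient trusts, check validity dates) as an added, runnable example. This is not code from the question, the answer, or any signing product; it uses only the Go standard library, a self-signed organisational root such as the answer's customers publish, an ECDSA P-256 signer certificate for "Fred", and a constructed string standing in for the document bytes. CRL/OCSP revocation checks and trusted timestamps, which Adobe Reader also performs, are out of scope here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignedDoc is a simplified stand-in for a signature container (PDF/CAdES):
// the document bytes, a signature over their SHA-256 digest, and the signer's
// certificate. The root is deliberately NOT included: the recipient must
// already have it in their trust store (the "one-time install" in the answer).
type SignedDoc struct {
	Content   []byte
	Signature []byte
	SignerDER []byte
}

func newCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// MakePKI builds a self-signed organisational root (valid 10 years) and a
// signer certificate for Fred (valid 1 year) issued by that root.
// Hypothetical names; any real deployment would use its own.
func MakePKI(now time.Time) (*x509.Certificate, *x509.Certificate, *ecdsa.PrivateKey, error) {
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	rootTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "Example Org Root CA"},
		NotBefore:    now.Add(-time.Hour), NotAfter: now.Add(10 * 365 * 24 * time.Hour),
		IsCA:         true, BasicConstraintsValid: true,
		KeyUsage:     x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	root, err := newCert(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey) // self-signed
	if err != nil {
		return nil, nil, nil, err
	}
	signerKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	signerTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "Fred Example"},
		NotBefore:    now.Add(-time.Hour), NotAfter: now.Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	}
	signer, err := newCert(signerTmpl, root, &signerKey.PublicKey, rootKey) // issued by the root
	if err != nil {
		return nil, nil, nil, err
	}
	return root, signer, signerKey, nil
}

// Sign hashes the document and signs the digest with the signer's private key.
func Sign(content []byte, signer *x509.Certificate, key *ecdsa.PrivateKey) (SignedDoc, error) {
	digest := sha256.Sum256(content)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return SignedDoc{}, err
	}
	return SignedDoc{Content: content, Signature: sig, SignerDER: signer.Raw}, nil
}

// Verify performs the recipient-side checks from the answer, in order:
// integrity (re-hash and check the signature), then trust (chain the signer
// certificate to a trusted root and check validity dates at time `now`).
func Verify(doc SignedDoc, trusted *x509.CertPool, now time.Time) error {
	cert, err := x509.ParseCertificate(doc.SignerDER)
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unsupported signer key type")
	}
	digest := sha256.Sum256(doc.Content)
	if !ecdsa.VerifyASN1(pub, digest[:], doc.Signature) {
		return errors.New("document was modified after signing (digest mismatch)")
	}
	_, err = cert.Verify(x509.VerifyOptions{
		Roots: trusted, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	if err != nil {
		return fmt.Errorf("signer certificate not trusted: %w", err)
	}
	return nil
}

// DemoResult holds the outcome of each scenario (nil means verification passed).
type DemoResult struct{ Genuine, Tampered, Untrusted, Expired error }

// RunDemo signs a constructed document and verifies it under four conditions.
func RunDemo() (DemoResult, error) {
	now := time.Now()
	root, signer, key, err := MakePKI(now)
	if err != nil {
		return DemoResult{}, err
	}
	doc, err := Sign([]byte("Purchase order #42: approved. -- Fred"), signer, key) // constructed content
	if err != nil {
		return DemoResult{}, err
	}
	trusted := x509.NewCertPool() // recipient who installed the organisation's root
	trusted.AddCert(root)
	var r DemoResult
	r.Genuine = Verify(doc, trusted, now)
	tampered := doc // same signature, altered content: digest no longer matches
	tampered.Content = []byte("Purchase order #42: approved for ten times the amount. -- Fred")
	r.Tampered = Verify(tampered, trusted, now)
	r.Untrusted = Verify(doc, x509.NewCertPool(), now)              // root never installed
	r.Expired = Verify(doc, trusted, now.Add(2*365*24*time.Hour)) // signer cert expired
	return r, nil
}

func main() {
	r, err := RunDemo()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine:", r.Genuine)
	fmt.Println("tampered:", r.Tampered)
	fmt.Println("untrusted root:", r.Untrusted)
	fmt.Println("expired signer:", r.Expired)
}
```

Only the genuine case passes; the other three fail with distinct errors, which is why the answer says verification is complex: integrity, chain trust and validity dates are separate checks, and a recipient who never installed the self-signed root will see the chain failure even though the document itself is intact.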

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow