Frequently Asked Questions

There are many types of digital signatures.

This document covers making an eToken certificate-based digital signature. Please quickly review the Digital Signature Primer to better understand why it is important to do this correctly: it protects you by making your signature secure and recognized as valid within the University and for other uses.

What is an eToken?

  • A USB key that is issued to you by the Directory of IITS
  • Its only use is to store a secure certificate that verifies you are who you say you are
  • The certificate on the eToken uses your UTORid and name and is locked and password protected
  • It is typically issued for a period of a year and needs to be renewed
  • You must physically have it plugged into your computer in order to use the certificate
  • You also need software on your computer to be able to read and manage the certificate
  • This software is called the SafeNet client
  • The SafeNet client is needed to set your password, reset your password, and transfer the certificate to your signature

What software do I need for creating eToken-based digital signatures?

  • Adobe Acrobat Reader is recommended because it is a free download and straightforward to use
  • PDFs in Acrobat can be protected and secured once a certificate has been added

How do I create an eToken-based digital signature using Adobe Acrobat Reader?

  • Please see this printable guide for Windows-based computers
  • Note that the document is for use when you are at your Dentistry computer
  • If you are working from home, please see the appendix
  • Lastly, this document is about using your eToken certificate for the digital signature. You can also add a picture of your physical signature to the digital signature, which is not covered

More Information:

eTokens

SafeNet client

There are many types of digital signatures.

The principle of digital signatures is that they are a viable alternative to physically signing something. A real signature is verified because you are doing this in person. It is secure because it is unique and can only be produced by you. It is protected as long as you have the document. These principles need to apply to a digital version of your signature. Core to all of this is associating you with a certificate. A certificate is a digitally locked bit of data that is added to a document.

Ranges of digital signatures:

Basic - no certificate - not secure, not protected, and not verifiable

  • A photo or scan of your physical signature.
  • The only thing about it that is digital is the scan of your signature saved to a file as a picture.

Self-assigned certificate - not secure, protected, poorly verifiable

  • In this case you "certify" yourself. You issue a digital certificate to yourself and insert this in your document.
  • This happens when a company or organization offers the tools to do this in its software
  • Adobe, for example, allows clients using their software to act as their own certificate authority. It is only as secure as the person making the assertion, meaning that if you know this person, you might trust it to be real. Therefore security is poor.
  • It is not verifiable, other than by you asserting it to be true. Over time you could verify that the digital signature came from the same source certificate. Otherwise it has little value
  • Documents like Acrobat PDFs can be locked, encrypted and password protected, which does offer protection against being altered.
  • PDFs are therefore a reasonable way of protecting and securing a document once it has a certificate added

Certificate Authorities - Secure, protected and verifiable

  • A certificate authority issues you a certification that you are who you say you are. They also manage the issuing and revoking of such certification. There are multiple types and levels of certification. For example, Adobe can also act as a certificate authority.
  • Despite this type of signature having the highest standard, there are wide variations within this class of digital signature, but it should be the starting point for an organizational solution
  • Key to this is trusting the certificate authority and knowing whether they have the means to validate the information
  • In other words, it would be secure, protected and verifiable, but lack validation to confirm your identity

The University of Toronto has a means to act as a certification authority. They do this most commonly by issuing a certificate on a physical USB "key" called an eToken. Most University divisions have a delegated authority to issue eTokens. At Dentistry this is the Directory of IITS. The validity is higher because it is issued to you personally with verification of your identity as a staff member of the University.
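
The difference between a self-assigned (commonly called self-signed) certificate and one issued by a certificate authority can be seen with the openssl command line. The script below is an added example, not part of the original FAQ or any University tooling; the names "Example Org CA" and "Jane Doe" are constructed, and software keys stand in for a hardware eToken.

```shell
#!/bin/sh
# Added example. All names are constructed; keys are software keys, not an eToken.

# Create a CA, a certificate issued by that CA, and a self-signed certificate.
make_certs() {
    dir=$1
    # 1. The organization's certificate authority (the trust anchor).
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Org CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    # 2. A user key and signing request, then a certificate issued by the CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Jane Doe" \
        -keyout "$dir/user.key" -out "$dir/user.csr" 2>/dev/null
    openssl x509 -req -in "$dir/user.csr" -days 365 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/issued.pem" 2>/dev/null
    # 3. A certificate in which the same name vouches for itself.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Jane Doe" \
        -keyout "$dir/self.key" -out "$dir/self.pem" 2>/dev/null
}

# Print "trusted" if certificate $2 chains to CA certificate $1, else "untrusted".
check_cert() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# Print "self-signed" when issuer and subject names match, else "ca-issued".
issuer_kind() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subj" = "$iss" ]; then echo self-signed; else echo ca-issued; fi
}

workdir=$(mktemp -d)
make_certs "$workdir"
for cert in issued.pem self.pem; do
    echo "$cert: $(issuer_kind "$workdir/$cert"), \
$(check_cert "$workdir/ca.pem" "$workdir/$cert")"
done
rm -rf "$workdir"
```

Both certificates carry the same name, but only the one issued by the CA verifies against the CA certificate; the self-signed one is rejected because nothing other than its own key vouches for it.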