We are often told by steel companies that they already digitally sign their certificates. Curiosity forces us to ask: how, then? The answer: an authorised person copies and pastes an image of a handwritten signature. In our opinion, that’s a digital image of a signature, not exactly a “Digital Signature”. The receiver of the certificate can never really verify whether it is real.
What SteelTrace means by “Digital Signature” is that the document is signed with a set of cryptographic keys. One key is public, the other key is private, and the two are mathematically linked. Nobody other than the signer has access to the private key. When the document is signed with the private key, the public key can be used to verify that it was signed with that private key. The keys are linked, but one cannot mathematically retrieve the private key from the public one. This ensures that the signing party is actually who they say they are.
Adding the blockchain layer to this means that we can also verify the contents of the certificate as they were at the point in time it was created, meaning SteelTrace can verify who put in what data at what point in time. And this can be done after the certificate has moved through the supply chain.
An end customer can therefore always know that the data they receive has not been manipulated or falsely created by an unauthorized person, without having to trust the parties in between in the supply chain.
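The checks described above, as an added example that is not SteelTrace's code: a receiver verifies a certificate against a record made at creation time, using only the public key. Ed25519, SHA-256, the `Anchor` layout, all type and function names, and the sample certificate are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// SignedCert is a hypothetical container: certificate bytes plus the issuer's signature.
type SignedCert struct{ Body, Signature []byte }

// Anchor stands in for the record written when the certificate was created (assumed layout).
type Anchor struct {
	Digest [32]byte          // SHA-256 of the certificate body at creation
	Issuer ed25519.PublicKey // public key of the party that signed it
}

// Issue signs the body with the private key and returns the record to anchor.
func Issue(priv ed25519.PrivateKey, body []byte) (SignedCert, Anchor) {
	pub := priv.Public().(ed25519.PublicKey)
	return SignedCert{body, ed25519.Sign(priv, body)}, Anchor{sha256.Sum256(body), pub}
}

// Verify is what a receiver runs; it never needs the private key.
func Verify(c SignedCert, a Anchor) error {
	if sha256.Sum256(c.Body) != a.Digest {
		return fmt.Errorf("content differs from what was anchored at creation")
	}
	if !ed25519.Verify(a.Issuer, c.Body, c.Signature) {
		return fmt.Errorf("signature was not made with the issuer's private key")
	}
	return nil
}

// Demo checks a genuine certificate, an edited one, and one signed by a different key.
func Demo() (genuine, edited, resigned error) {
	// Constructed test keys from fixed seeds; real keys come from a secure random source.
	issuer := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, ed25519.SeedSize))
	other := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, ed25519.SeedSize))
	body := []byte(`{"heat":"H-0001","grade":"S355","yield_mpa":412}`) // constructed sample
	cert, anchor := Issue(issuer, body)
	tampered := SignedCert{bytes.Replace(body, []byte("412"), []byte("512"), 1), cert.Signature}
	forged := SignedCert{body, ed25519.Sign(other, body)}
	return Verify(cert, anchor), Verify(tampered, anchor), Verify(forged, anchor)
}

func main() { fmt.Println(Demo()) }
```

A pasted image of a signature would pass neither check, because it is not bound to the certificate's bytes or to any key.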
This article is the first in a series where we dive deeper into how SteelTrace works. Stay tuned for more. If you have a question, use the comment section below.