(1) Section 2-20-103, MCA requires that a digital signature be "unique to the person using it". A public key based digital signature may be considered unique to the person using it, if:

(a) the private key used to create the signature on the document is known only to the signer;

(b) the digital signature is created when a person runs a message through a one way function, creating a message digest, then encrypting the resulting message digest using an asymmetrical cryptosystem and the signer's private key; and

(c) it is computationally infeasible to derive the private key from knowledge of the public key.

(2) Although not all digitally signed communications will require the signer to obtain a certificate, the signer is capable of being issued a certificate to certify that he or she controls the key pair used to create the signature.

(3) Section 2-20-103, MCA requires that the digital signature remain "under the sole control of the person using it". Whether a signature is accompanied by a certificate or not, the person who holds the key pair, or the subscriber identified in the certificate, assumes a duty to exercise reasonable care to retain control of the private key and prevent its disclosure to any person not authorized to create the subscriber's digital signature pursuant to the laws of Montana.