Digital Signature

Understanding Digital Signatures Better

What are digital signatures?

A digital signature is an electronic signature with the added advantage of digital authentication technology. Put simply, digital signatures provide the evidence of origin, identity, and status of electronic transactions and documents. They provide a layer of validation and security making them more difficult to forge than a handwritten signature.

Digital signatures ensure end-to-end message integrity, prove the identity of the organization that created the digital signature, and confirm that the information originated from the signer and was not altered. If any change was made to the signed documents, it would invalidate the whole transaction.

In many regions, including the U.S., EU, and APAC, digital signatures are considered legally binding and hold the same value as traditionally signed documents.

Based on the technology used, there are three key types of digital signatures:

1. Simple Electronic Signature (SES):Considered the most basic, these do not require strong ID verification or signer authentication. Uploading a scanned image of the signature, or checking a box to indicate consent of agreement or acknowledgment is sufficient to authenticate the transaction. Most common examples include standard e-commerce purchase transactions or any simple form that needs signing
2. Advanced Electronic Signature (AES):These signatures reliably identify the signer and establishes a link between the signer and the signature. In AES signatures, signers are asked to produce a unique access code during and after the signing process and use a valid document to confirm their identity. When the signer sends the signed document, a Certificate Authority (CA) issues a certificate authenticating the electronic signature. AES uses a PKI (public key infrastructure) digital signature technology to satisfy the requirements for an electronic seal approval. A common example is candidates accepting offer letters from companies after receiving a pin or code from HR and sending back the signed document with a scanned copy of their valid ID like a driver’s license
3. Qualified Electronic Signature (QES):These are one step above AES. They offer the highest level of trust by meeting additional requirements outlined in regulations like eIDAS, ESIGN, and others. A QES is issued only after a third-party CA gives prior identification of the signatory remotely via video chat or in person. Such signatures are bound using a multi-step procedure based on double-factor verification and encrypted keys

What’s the difference between a digital signature and an electronic signature?

Both terms are often used interchangeably but that is not the case. An electronic signature is a legal term defining what constitutes a record of intent to form an agreement, while a digital signature is a digital authentication technology.

Put simply, an electronic signature is similar to a digitized handwritten signature verified with the signer’s identity such as email, corporate ID, or phone number. A digital signature, on the other hand, is more secure and tamper-evident. The document is encrypted and information is permanently embedded, so if a user tries to commit any changes to the signed documents, then the digital signature will be invalidated.

Several countries have written laws to define an electronic signature. For example, the ESIGN Act of the U.S. defines it as a sound, symbol, or mark, made with the intent to sign. Only a few electronic signature services combine electronic signature capture processes with digital signature authentication technology to give a record of the agreement that is court admissible with strong evidential weight.

How do digital signatures work?

Digital signatures employ the industry-standard technology called PKI or public key infrastructure that ensures data authenticity and integrity. PKI uses an algorithm to generate two keys – one public and another, private. For a digital signature to serve as proof of authenticity, integrity, and identity, it needs matching cryptographic hashes.

When a signer signs the digital documents, a cryptographic hash is generated – let’s call it Hash1. This Hash1 is encrypted and attached to electronic documents with the help of the sender’s private key. The receiver opens the digital documents by decrypting the encrypted hash (Hash1) with the sender’s public key certificate. A cryptographic hash is generated again on the recipient’s end – let's call it Hash2. When Hash1 and Hash 2 match, it confirms that the electronic documents have not been tampered with and are legally valid.

What are the benefits of digital signatures?

• Efficiency: Digital signatures are instant; you do not have to wait for weeks or months to get signatures. You can manage and track contracts, NDAs, or any digital documents easily on any eSignature platform. They are also convenient as signatories can sign the documents anywhere without stepping out of their homes
• Cost-effective: Digital signatures are extremely cost-effective as you don’t have to print, sign, scan, or resubmit your document. You do not have to own a fax machine or printer. Plus, you save a lot in postage costs as well
• Environmentally friendly: The traditional wet signatures were time-consuming and harmful to the environment with so much wastage of paper, ink, and postage. In contrast, digital signatures are eco-friendly
• Simplified processes: Digital signatures automate your multi-step paperwork processes down to a few simple clicks, which helps in a streamlined digital workflow
• Secure: Digital signatures are secure because they fulfill three important conditions–

1. Authentication: verifies the identity of the signer who wants to access the system
2. Non-repudiation: a signal cannot deny the authenticity of their signature on a document or in a file or even the sending of a message
3. Integrity: ensures that the message is real, accurate, and offers safeguards from unauthorized modification during transmission

Digital Signature FAQs

How do I create a digital signature?

Creating a digital signature is very easy. All you need to do is authenticate as per the Certificate Authority’s requirements when you receive a document for signing via email and proceed to “sign.” Most of the eSignature providers walk you through the entire process.

Are digital signatures or eSignatures legal?

Yes, they are legal in several countries around the world. Various regions including the European Union and countries, including the U.S., UK, France, Australia, Singapore, Germany, Switzerland, and more have enacted regulations for eSignatures. Visit our legal page for more information on region-specific laws.

What is Public Key Infrastructure (PKI)?

PKI is key to creating digital signatures. Each digital signature transaction is carried out with a set of two keys – one public and one private. PKI holds the critical information on the cryptographic public keys that are connected to a digital certificate, which authenticates the device or user sending the digital communication.

What is a Certificate Authority (CA)?

A Certificate Authority (CA) is a third-party organization responsible for ensuring the security of keys that generate digital certificates. As digital signatures rely on public and private keys, they need to be protected to ensure safety and avoid malicious use. Both the sender and the recipient must agree to use a CA.

What is a digital certificate?

A digital certificate is an electronic document you get from a CA. It contains the public key for a digital signature request and specifies the identity associated with a public key. The resulting digital certificate then authenticates the proof of identity of the public key, such as the name of the organization. The digital certificate is valid only for a specified time.