What is a digital signature?
A digital signature is a cryptographic method for linking a signer with a document. Digital signatures are used to confirm the identity of the person (or people) signing a document, and to verify the authenticity and integrity of the information contained within. In this way, they are the digital equivalent of the pen and ink signatures found on traditional paper contracts.
Digital signatures use encryption technology to prevent fraud and tampering in electronic communications. They work via a system called Public Key Infrastructure (PKI), in which each person has a unique private key to verify their online identity. This ensures secure, transparent communication and helps build trust between customers and business partners.
Laws like the eIDAS Regulation (EU) and the ESIGN Act (US) regulate the use and legal validity of digital signatures in electronic contracts across various industries, including finance.
How do digital signatures work?
Digital signatures follow a protocol called Public Key Information Infrastructure (PKI) to create a pair of mathematically linked keys — one private, and one public.
When signing a document digitally, the signer’s private key generates and encrypts a unique alphanumeric fingerprint (“hash”) of the document. This digital signature includes a timestamp, and any subsequent changes to the document invalidate the digital signature.
The recipient uses the signer’s public key to decrypt the hash and verify the digital signature. If the decrypted hash matches a newly generated hash of the received document, it confirms that the signature is authentic and that the document hasn’t been altered. This process provides proof of origin and document integrity during electronic communication.
At a high level, the sequence breaks down into the following steps:
A unique pair of keys is created.
The signer's software creates a hash of the document.
The private key encrypts the hash, which creates a unique digital signature.
The signature is timestamped.
The recipient gets both the document and the sender's public key.
The recipient's software uses the public key to decrypt and verify the signature.
The software creates a new hash of the received document.
If both hashes match, the signature is verified.
What’s the difference between a digital signature and an electronic signature?
An electronic signature is any method used for signing a document online to show agreement with its terms. Electronic signatures are easy to use and may have fewer technical requirements than legally valid digital signatures. There are different types of electronic signatures, such as the qualified electronic signature, which is compliant with the eIDAS Regulation and the only type to have special legal status in EU member states.
A digital signature is a type of electronic signature that uses cryptographic technology to verify a document’s authenticity, ensure its integrity, and detect any tampering after signing. Digital signatures typically include an audit trail with proof of the signer’s identity, the signing date, and any changes made to the document.
Given these additional requirements, digital signatures are generally more suitable for high-risk or legally binding agreements. Many businesses use electronic and digital signatures together to enhance security and prevent fraud in digital transactions.
Both electronic and digital signatures are legally binding in most countries. Still, specific jurisdictional regulations determine when and how they are valid.
What do digital and electronic signatures look like?
Types of electronic signatures include:
Typed names in a document file or PDF
Scanned handwritten signatures from a paper contract
Handwritten signatures using a stylus or finger on a tablet
Clicking an I Agree button on a website to accept terms and conditions
Digital signatures, on the other hand, are generated by software from trusted providers and focus on security through encryption (rather than visual appearance). What users see can depend on the software used for the digital signing process, but digital signatures usually include names and a string of unique characters. These characters contain the certificate information, including the document ID, timestamp, and audit trail details.
Where are digital and electronic signatures used?
Electronic signatures are a convenient choice in formal and informal business contexts, in which the signing parties need a speedy, convenient, and legally compliant way to sign documents. For example, e-signatures are often found on business contracts, non-disclosure agreements (NDAs), invoices, employment contracts, and lease agreements.
Digital signatures are used across highly regulated industries and in cases where more sensitive information is involved, such as eGovernment-related operations (e.g., providing access to public services or issuing official identification documents).
For example, within the financial industry, digital signatures are commonly used for approving large fund transfers and preventing fraud. And in healthcare, they’re crucial for securing electronic health records to keep patient data confidential.
Digital signature FAQs
Are digital signatures legally enforceable?
Digital signatures are legally binding and enforceable in most countries and jurisdictions, including the EU and the US. However, to ensure they hold the same legal weight as a handwritten signature, they should meet specific legal and regulatory requirements. Depending on the jurisdiction or the industry-specific case, the court might have additional requirements to confirm their enforceability.
Is a digital certificate the same as a digital signature?
No. A digital signature is a type of electronic signature backed by a digital certificate, which is an electronic document issued by a trusted Certificate Authority (CA) to guarantee data integrity. The CA serves as the guarantor. In that sense, a digital certificate is essential for creating a digital signature.
What’s the difference between an advanced electronic signature and qualified electronic signature?
Advanced electronic signatures (AES) and qualified electronic signatures (QES) are the two main types of digital signatures defined by the EU’s eIDAS Regulation. The AES requires the signer of a document to verify their identity via an official ID document (passport, driver’s license, etc.). The QES, considered the most secure digital signature, requires in-person or live (via an audio/video) identity verification, guaranteed by an approved trusted authority.
