What, why, how?
Digital signatures and electronic signatures are sometimes used interchangeably, which is a common mistake. Think of digital signatures as the technique by which the signature is applied and electronic signatures as the type of signature.
Most electronic signatures today are done using a digital signature, but they don’t have to be. For example, writing your signature on a computer with a mouse or stylus is an electronic signature, but not a digital one. It is like how signing with an ink pen on paper and signing with chalk on a blackboard are both handwritten signatures, but most likely only the first will have legal standing as a “written signature”.
So what are digital signatures? A digital signature is a mathematical technique used to guarantee the authorship and integrity of a message or piece of data. Any kind of data. For us it’s contracts, but it could just as well be an email or a bank transaction.
So how is this actually done? The de facto standard for creating and validating digital signatures is called Public Key Infrastructure (PKI). In PKI a private key is used to sign the message and a public key is used to validate the signature. A certificate issued by a trusted third party, called a Certificate Authority (CA), is used as proof that the holder of the private key is who they say they are.
Six reasons why we choose digital signing
Safe and secure
Even if electronic signatures are safe and secure, digital signatures are the safest and most secure way of signing in a digital world.
Your handwritten signature is yours and should be hard to copy. A digital signature is even more uniquely yours. Every signature contains identifying information unique to each signer.
PKI-based digital signatures are standard for institutions, governments, and organizations around the world, reducing the need to reinvent the wheel.
Digital signatures, as well as electronic signatures, can be collected on any device: your phone, laptop, tablet, etc. You can safely and securely sign anywhere, at any time.
Easiest way to sign
Both digital signatures and electronic signatures are the most straightforward way to sign a document. Signing is as simple as a click or a tap on your screen.
Once a document is signed with a digital signature, it’s sealed. Any changes made afterward will invalidate the original signature. You can be safe knowing that it’s exactly what you agreed to.
The differences between digital signatures and electronic signatures
|Digital signatures|Electronic signatures|
|---|---|
|More unique than an electronic signature, containing identifying information unique to each signer.|Like a handwritten signature, it’s hard to copy and is uniquely yours.|
|It ensures the integrity and authorship of your contracts.|It ensures the signature is connected to the signer.|
|It ensures your signed contracts are tamper-proof, preventing changes after they are signed.|It indicates that the signer intends to agree to the content as specified in the contract.|
|It’s a method to guarantee integrity.|It’s a type of signature.|
|It’s generated by a software technology.|It’s generated by the signer, either through the click of a button or a hand-drawn signature on an electronic device.|
Digital signing FAQs
How do digital signatures work?
Digital signatures work the same exact way that handwritten signatures do. They are unique to each person. Digital signatures adhere to the standard format of PKI. PKI states that the document provider, in this case Oneflow, uses an algorithm to create number sequences, which are called keys. One public and one private key are created during each digital signature. The private key is used to sign, while the public key is used to verify.
Every time a person signs a document electronically, the signature is created using the signer’s private key, which is securely held by the signer. During the signing process, the algorithm acts as the cipher that matches the data from the signer with the signed document and then encrypts it. The encrypted data is the digital signature. The signature is recorded with a date and time stamp for that document, and if any changes are made to the document after signing, the digital signature is no longer valid.
Maintaining the integrity of the digital signature is vitally important. According to the terms set out by PKI, the keys must be created, conducted, and saved in a secure manner that requires a reliable Certificate Authority. Oneflow meets all the PKI requirements for safe and secure digital signatures.
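The sign-and-verify flow described in this answer, as an added example that is not Oneflow's code. It assumes Ed25519 keys from Node's built-in crypto module; the helper names, signer name, timestamp and contract text are constructed for illustration. The signature covers a hash of the document together with the signer and timestamp, so a change to any of them is detected.

```javascript
const nodeCrypto = require('node:crypto');

// Hash the document so the signature covers a fixed-size digest of its exact bytes.
function digest(doc) {
  return nodeCrypto.createHash('sha256').update(doc).digest('hex');
}

// The bytes that are actually signed: signer, timestamp and document digest together.
function signedBytes(signer, signedAt, docHash) {
  return Buffer.from(JSON.stringify([signer, signedAt, docHash]));
}

// Private key signs; the record is what gets stored next to the document.
function signDocument(doc, signer, signedAt, privateKey) {
  const docHash = digest(doc);
  const sig = nodeCrypto.sign(null, signedBytes(signer, signedAt, docHash), privateKey);
  return { signer, signedAt, docHash, signature: sig.toString('base64') };
}

// Public key verifies; returns a reason string so each failure mode is visible.
function verifyDocument(doc, record, publicKey) {
  if (digest(doc) !== record.docHash) return 'document changed after signing';
  const ok = nodeCrypto.verify(
    null,
    signedBytes(record.signer, record.signedAt, record.docHash),
    publicKey,
    Buffer.from(record.signature, 'base64'));
  return ok ? 'valid' : 'signature does not match signer, timestamp or key';
}

function demo() {
  const alice = nodeCrypto.generateKeyPairSync('ed25519'); // constructed signer key pair
  const other = nodeCrypto.generateKeyPairSync('ed25519'); // unrelated key pair
  const contract = 'Constructed sample contract: fee is 1000 EUR.';
  const record = signDocument(contract, 'Alice Example', '2024-01-15T10:00:00Z', alice.privateKey);
  const backdated = { ...record, signedAt: '2023-01-01T00:00:00Z' };
  return {
    original: verifyDocument(contract, record, alice.publicKey),
    editedDoc: verifyDocument(contract.replace('1000', '9000'), record, alice.publicKey),
    editedTime: verifyDocument(contract, backdated, alice.publicKey),
    wrongKey: verifyDocument(contract, record, other.publicKey),
  };
}

console.log(demo());
```

Verification only shows that the holder of a particular private key signed; tying that key to a named person is the job of the CA-issued certificate discussed in the next answers.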
What is Public Key Infrastructure?
Public Key Infrastructure (PKI) is a set of policies and procedures that are needed to create, store and revoke digital signatures (along with other things). PKI is a facilitator when it comes to securing the electronic transfer of information such as digital signatures and other network activities. In this case, it binds the public key with the identities of people or organizations (i.e. their private key). The binding of this information is done through a process of registration and issuance of certificates by a Certificate Authority (CA).
What is a Certificate Authority?
A certificate authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key. As digital signatures use both public and private keys, the CA acts as a trusted third party to verify the authenticity of a signed document. CAs are typically organizations that have been universally recognized as reliable for ensuring key security and are able to provide valid digital certificates. The CA must be agreed upon by both the entity sending the document and the recipient signing it.
Why would I use a digital signature?
You would use a digital signature for a myriad of reasons: to sign a contract or a document, to agree to a set of terms and conditions, etc. Especially in the post-COVID period, a written signature is more difficult to acquire. As such, many countries and global regions have established e-signature standards based on existing digital signature technology. It does refer to local standards, but working with a PKI and a trusted CA ensures that the digital signature is enforceable and accepted in each local market. It also ensures that digital signatures use an international and widely accepted standard technology that prevents forgery or changes to a document after it has been signed.
Which are the three types of electronic signatures?
There are different types or levels of electronic signatures according to the eIDAS Regulation: SES (Simple Electronic Signature), AdES (Advanced Electronic Signature), and QES (Qualified Electronic Signature).
SES (Simple Electronic Signature)
Under Swedish and EU law, an electronic signature means “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign” (eIDAS Regulation, Article 3).
As there are no specific security requirements laid down by law, it is not possible to determine the legal value of such signature without evaluating the method and security applied in the specific case.
AdES (Advanced Electronic Signature)
As the name suggests, it is an advanced form of signature that offers more security than a simple electronic signature. It can also identify the person who has signed the document.
This type of e-signature allows you to detect if someone has tampered with the signature after the signatory has put it on the document. These signatures are made secure with the help of cryptographic keys.
According to the eIDAS Regulation, an advanced electronic signature means “an electronic signature which meets the following requirements:
- it is uniquely linked to the signatory;
- all parties are capable of identifying the signatory;
- it should be created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
- it is linked to the data signed therewith in a way that any subsequent change in the data is detectable.”
QES (Qualified Electronic Signature)
The eIDAS Regulation defines a qualified electronic signature as “an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures”.
These signatures are advanced e-signatures but must adhere to certain EU standards (among other things, being based on a so-called qualified certificate), which means they offer additional protection controls over their advanced counterparts.
You create this signature with the help of a device that’s specifically designed to create e-signatures. A court must normally accord these certificates the same legal value as a handwritten signature.