Want to know what a digital signature is and how it works? And why more and more businesses are relying on digital document signing? Read on to find out.


What are digital signatures?

Digital signatures are a means to authenticate the identity of signers and the integrity of signed electronic documents and messages. They are admissible as evidence in legal proceedings and provide a higher level of security than handwritten signatures.

eIDAS uses the term advanced electronic signatures to refer to digital signatures. According to the regulation, a digital signature must be:

  • uniquely linked to the signer,
  • capable of identifying the signer,
  • linked to the data signed so that any later change in the data is detectable.

Additionally, the signer needs to have sole control over the data used to create the digital signature.

In an open system, such as the Internet, the parties do not know each other in advance. Therefore, to be able to securely use digital signatures, they must have a way to link a digital signature to the person who created it.

To this end, public key infrastructures or PKIs have been developed. In a PKI system, trusted third parties known as Trust Service Providers issue digital certificates. A digital certificate is an electronic file that binds a public key to its owner.


How do digital signatures work?

To create a digital signature, you must use an eID (e.g., MitID, itsme®, BankID). Each eID contains a public-private key pair and a digital certificate issued by a Trust Service Provider that binds the public key to its owner.

The private key is used to sign the document and should be kept secret. The public key needs to be shared with the recipients so they can authenticate the signature. The only way to validate a digital signature created with a person’s private key is by using the same person’s corresponding public key.

Here’s what happens, from a technical perspective, when a person creates a digital signature with an eID:

  • A hash value of the document at the time of signing is generated.
  • The hash value of the document is then signed with the signer’s private key.
Creating a digital signature

Now, let’s see how the signature validation process works.

  • A hash value of the signed document is generated. A digital signature is only valid if the hash value of the signed document and the hash value of the document at the time of signing are the same. If the two hash values are different, it means that someone has made changes to the document after signing.
  • The digital signature is validated using the signer’s public key (which is included in their digital certificate).
Validating a digital signature

A digital signature is only binding when:

  • the signer’s public key can validate it and;
  • the hash value of the signed document and the hash value of the document at the time of signing match.


Learn more about digital signatures


Digital vs. electronic signatures
Are digital signatures legal in my country?
Are digital signatures secure?
What are the benefits of digital signatures?
When can I use a digital signature?
How to sign PDF documents with Penneo
How to verify a digital signature
Sign documents for free with our digital signature solution


Digital signatures vs. electronic signatures

The term electronic signatures refers to all data in electronic form which is attached to or logically associated with an electronic document or message and which is used by the signatory to sign.

Therefore, the difference between digital and electronic signatures is that digital signatures are far more secure than simple electronic signatures.


Are digital signatures legal in my country?

Under EU’s eIDAS, digital signatures are just as legally binding as traditional signatures placed on a piece of paper. And according to eIDAS, it is not allowed to discriminate against a signature on the grounds that it is in electronic form.

However, there are still a few exceptions where the law requires a handwritten signature. These exceptions are different for each Member State.

Country-specific exceptions
Country Exceptions
  • Prenuptial agreements
  • Wills
  • Lease agreements, if one of the parties requests it
  • Notice of termination of the lease by the landlord
  • Prenuptial agreements
  • Minutes of general meetings and board meetings, unless they are electronically signed on the platform provided by Brønnøysundregistrene
  • Notice of termination of the employment by the employer
  • Share certificates, issue certificates, convertible instruments issued in the form of debentures, and warrant certificates
  • Wills
  • Notice of termination of the employment by the employer
  • Documents which transfer the rights to a property or an asset
  • Contracts that must be notarized
  • Real estate transfers and deeds, with the exception of leases
  • Contracts governed by family law or inheritance law, such as testaments and prenuptial agreements
  • Certain corporate certificates or documents, such as share certificates, issue certificates
  • Termination letters
  • Contracts which create or transfer rights in real estate, except for rental rights
  • Contracts requiring by law the involvement of the courts, public authorities, or professions exercising a public service (e.g., a notary)
  • Contracts for personal and real guarantees given by persons acting for purposes other than their trade, business or profession
  • Contracts governed by family law or inheritance law, e.g., prenups, wills, deeds of adoption, divorce agreements, etc.


Are digital signatures secure?

Yes! Digital signatures allow you to verify the identity of the signers, make sure any documents you send out cannot be modified, and ensure that the signer cannot deny having signed said documents.


What are the benefits of digital signatures?

Besides providing a higher level of security than handwritten signatures, digital signatures will also help you:

  • reduce the amount of manual work in preparing, sending, signing, and scanning documents
  • remove the need for ink, paper, and postage fees
  • make it more convenient for your stakeholders to sign documents

Other advantages of digital signatures are faster contract turnaround, hassle-free compliance with legal requirements, and a positive impact on the environment.


When can I use digital signatures?

Companies across multiple industries and departments use digital signatures to improve efficiency and strengthen data security. Here are some examples of documents that can be signed digitally:

  • Annual reports, audit reports, engagement letters, letters of representation, management statements, NDAs, and tax documentation
  • Loan & mortgage agreements, board & company documents, insurance policies, pension schemes agreements, leasing offers, voluntary settlements, and repayment agreements
  • Lease agreements, purchase contracts, deeds, and real estate web forms
  • Employment contracts, company policies & guidelines, and bonus agreements
  • General meeting documentation, governance policies, and articles of association


How to sign PDF documents with Penneo

Creating a digital signature is quick, secure and convenient. See here how you can sign PDFs online with Penneo.


How to verify a digital signature

The main reason digital signatures are more secure than handwritten signatures is that they are virtually impossible to be forged. That is because digital signatures are built on PKI technology, so their data is embedded in the final document and verifiable.

If you want to check the validity of a digital signature, you can do so in several ways:


Sign documents for free with our digital signature solution

Penneo Sign is a secure digital signature solution that provides:

  • Signer authentication: To verify that the signer is who they say they are, Penneo employs trusted digital IDs such as MitID, Swedish BankID, Norwegian BankID, itsme®, and Finnish Bank IDs and Mobiilivarmenne.
  • Document integrity: To prevent anyone from tampering with the content, Penneo places a unique watermark on each signed document. On top of that, our software creates an audit trail that documents every step in the signing process.
  • Non-repudiation: When signing a document via Penneo, users need to accept a declaration of consent. The statement contains an overview of the agreement and is part of the signature itself. Additionally, Penneo timestamps every signature with the date and time of creation. As a result, the signature can’t be denied.
  • High level of security: Penneo is a qualified trust service provider (QTSP) that employs encryption and role-based access control. This way, only authorized people can access sensitive data and information.
  • Integrations with popular tools and the possibility to build a custom API integration

We hope by now you’ve been convinced of the many advantages of using digital signatures in your organization. So what are you waiting for?

Request a free trial and start signing documents online for free today!



If you're looking to learn more, we have a few suggestions for you

9 expert tips for picking the perfect KYC solution

9 expert tips for picking the perfect KYC solution

eIDAS 2.0

eIDAS 2.0 and its impact on digital transactions and identity verification

EU unveils ambitious AML package

EU unveils ambitious AML package