How Do Digital Signatures Work?

Published Date: 8 July 2019 | 8 min read

Digital signatures

 

What are digital signatures?

Digital signatures are a means to authenticate the identity of signers and the integrity of signed electronic documents and messages. They are admissible as evidence in legal proceedings and provide a higher level of security than handwritten signatures.

eIDAS uses the term advanced electronic signatures to refer to digital signatures. According to the regulation, a digital signature must be:

uniquely linked to the signer,

capable of identifying the signer,

linked to the data signed so that any later change in the data is detectable.

Additionally, the signer needs to have sole control over the data used to create the digital signature.

To meet these requirements, digital signatures employ public key infrastructure (PKI). PKI is a set of roles, technologies, and processes needed to generate and manage cryptographic key pairs and digital certificates. A digital certificate is an electronic file that binds a public key to its owner. The trusted organizations that issue digital certificates called Trust Service Providers.

 

How do digital signatures work?

Digital signing solutions use a cryptographic algorithm to generate two keys: a public and a private key. The two keys are different but mathematically connected.

The private key is used to encrypt the document and should be kept secret. The public key needs to be shared with the recipients so they can authenticate the signature. The only way to decrypt a digital signature created with a person's private key is by using the same person's corresponding public key.

When a person signs a document, the digital signing solution runs the document through a hashing algorithm. This generates a unique numeric representation of the document called a message digest.

The message digest is then encrypted using the signer's private key. The encrypted message digest is the digital signature of the document.

Digital signature creation

Next, the digitally signed document is sent to the recipients. The same hashing algorithm is applied again to generate the message digest of the present document after signing.

Using the signer's public key, the recipients can decrypt the digital signature. If the signer's public key can decrypt the signature, the signer's identity is verified.

By decrypting the signature, the recipients also get the digest of the document at the time of signing.

If the two digests are identical, the document has not been tampered with since signing.

Digital signature authentication

A digital signature is only valid when:

the two digests match.

 

How to create a digital signature with Penneo?

Creating a digital signature with Penneo is quick, secure and convenient. See here how it works.

 

Are digital signatures legal in my country?

Under eIDAS, digital signatures have legal effect in all Member States.

In most cases, digital signatures are admissible as evidence to prove the validity of contracts and agreements. However, there are a few exceptions where the law requires a handwritten signature. These exceptions are different for each Member State.

 

Country-specific exceptions
CountryExceptions
DenmarkPrenuptial agreements
Wills
Lease agreements, if one of the parties requests it
Notice of termination of the lease by the landlord
NorwayPrenuptial agreements
Minutes of general meetings and board meetings, unless they are electronically signed on the platform provided by Brønnøysundregistrene
Notice of termination of the employment by the employer
SwedenShare certificates, issue certificates, convertible instruments issued in the form of debentures, and warrant certificates
Wills
Notice of termination of the employment by the employer
Documents which transfer the rights to a property or an asset
FinlandContracts that must be notarized
Real estate transfers and deeds, with the exception of leases
Contracts governed by family law or inheritance law, such as testaments and prenuptial agreements
Certain corporate certificates or documents, such as share certificates, issue certificates
Termination letters
BelgiumContracts which create or transfer rights in real estate, except for rental rights
Contracts requiring by law the involvement of the courts, public authorities, or professions exercising a public service (e.g., a notary)
Contracts for personal and real guarantees given by persons acting for purposes other than their trade, business or profession
Contracts governed by family law or inheritance law, e.g., prenups, wills, deeds of adoption, divorce agreements, etc.

 

What are the benefits of digital signatures?

Are you still hesitant about switching from handwritten to digital signatures? Here are a few benefits to change your mind.

 

1. Authentication via national eIDs

By employing eID authentication, digital signing solutions verify the identity of the signer. Additionally, eID authentication makes digital signatures impossible to forge as long as no one else has access to the signer's eID.

 

2. Document integrity via hashing and public-key encryption

Digital signing solutions run the document through a hashing algorithm. This results in two message digests: one at the time of signing and one after signing. If the two digests are identical, the document has not been modified, and integrity is ensured.

 

3. Non-repudiation

A digital signature cannot be repudiated. The signer is the only one who has access to his electronic ID, so he can't deny having signed the document.

 

4. Better customer experience

With digital signatures, customers can conveniently sign documents from anywhere in the world and on any device. By eliminating the hassle of printing, scanning, and mailing documents, businesses can improve the customer journey and spend more time on value-creating work.

 

5. Time and cost savings

Digital signatures help companies eliminate costs associated with printing, mailing, and storing paper-based documents. As an added benefit, by using less paper, organizations will lower their environmental footprint.

Besides cutting costs, digital signature tools also save time. Paper-based signing processes are slow. Think about it. You either receive the document by post or print it. Then, you need to sign and return it to the sender. To do so, have two options - scan the signed agreement and email it or send it via snail mail.

Both options are time-consuming. Not to mention, delays could occur if a document needs to be signed by multiple people who live in different locations.

Digital signatures speed up the signature collection process and save time by automating recurring tasks.

 

Digital signatures vs. electronic signatures

People often use the term electronic signatures to refer to all online signatures - including digital signatures. However, digital signatures are different from simple electronic signatures.

To be considered digital signatures, e-signatures need to meet specific requirements set by the eIDAS regulation. In conclusion, all digital signatures are electronic signatures, but the opposite does not apply.

 

Digital signatures use cases

Companies across multiple industries and departments use digital signatures to improve efficiency and strengthen data security. Here are some examples of documents that can be signed digitally:

Audit & accounting: Auditors and accountants use digital signing solutions to streamline the signature collection process for annual reports, audit reports, engagement letters, letters of representation, management statements, NDAs, and tax documentation.

Banking, financial services & insurance: The BFSI sector uses digital signatures for loan & mortgage agreements, board & company documents, insurance policies, pension schemes agreements, leasing offers, voluntary settlements, and repayment agreements.

Real estate & property management: Real estate agents and property managers can use digital signatures for lease agreements, purchase contracts, deeds, and real estate web forms.

Human resources: Digital signatures can be used to sign employment contracts, company policies & guidelines, and bonus agreements.

Other: General meeting documentation, governance policies, and articles of association.

What is the best digital signature solution?

Penneo is the best digital signature solution out there. Digital signatures created with Penneo provide:

Signer authentication: To ensure that the signer is who they say they are, Penneo employs trusted digital IDs such as NemID, BankID, itsme®, and FTN.

Document integrity: To prevent anyone from tampering with the content, Penneo places a unique watermark on each signed document. On top of that, our software creates an audit trail that documents every step in the signing process.

Non-repudiation: When signing a document via Penneo, users need to accept a declaration of consent. The statement contains an overview of the agreement and is part of the signature itself. Additionally, Penneo timestamps every signature with the date and time of creation. As a result, the signature can't be denied.

Another benefit of Penneo is that it ensures a high level of security by employing data encryption and role-based access control. This way, only authorized people can access sensitive data and information.

Equally important are all the other features that make Penneo the best digital signing solution:

Integrations with popular tools and the possibility to build a custom API integration

Document management

Custom signing flows based on predefined rules

Signing multiple documents in one go

Automatic reminders

Encrypted forms for data collection

Long Term Validation (LTV)

 

Sign up for a free trial of Penneo!