What Are Digital Signatures and How Do They Work?

Published Date: 8 July 2019 | 11 min read

From an ink pen to digital signature

For centuries, a signature could reveal a great deal about a person. Who, as a child, didn't spend hours practising the italic style signature and writing the perfect curve that would define adulthood? The classic ink pen signature has historically been the means of doing business and binding ourselves to something. For a long time, it was the only method considered globally valid. However, this long-lasting attachment has been gradually abandoned since the emergence and adoption of digital signatures.


What are digital signatures?

Digital signatures, also known as advanced e-signatures, refer to a specific category of electronic signatures that offer more trustworthiness and reliability. For a digital signature to be valid, it must meet the following requirements:

It has to be uniquely linked to the signer.

It has to be capable of identifying the signer.

The signer needs to have sole control of the data used to create the signature.

It has to be linked to the data signed in such a way that any subsequent change in the data is detectable.


Are digital signatures legal in my country?

Digital signatures are legal, trusted, and enforceable in nearly every industrialized nation around the globe and actively in use in Europe. Being the most advanced and secure type of e-signature, a digital signature is as legally binding and valid as a traditional signature placed with ink on paper. On top of that, it is also much safer thanks to all its auditable characteristics.

Legally binding digital signatures

How long are digital signatures valid?

Penneo's digital signatures are technically implemented according to PAdES standards.

The main benefit of PAdES is a feature called Long Term Validation (LTV). Long Term Validation is a signed document's ability to stay valid long after signing, for many years or even decades.

To ensure that the document never loses its legal reliability, the proof of the signature's validity is stored as an attachment in the completed PDF. This means that your signed documents already contain everything you need to verify the signature's validity and remain valid for long periods. Penneo's Validator can help you verify the validity of digital signatures.

Penneo allows the document's cryptographic evidence to be verified even after the platform that created the document has become inaccessible. For PDF documents, the signature data is incorporated directly within the signed PDF document. At any time in the future, it will be possible to validate the document to confirm that the signature was valid at the time it was made. This validation will always be possible thanks to the specific structure of the cryptographic evidence in PDF documents that ensures LTV - in addition to having the signer's certificate (approved digital ID) cryptographically bound to the document.

What are the differences between digital signatures and electronic signatures?

The generic term electronic signature is used in an all-encompassing sense to embrace all signing methods - including digital signatures. However, electronic signatures and digital signatures are two distinct concepts and cannot be used interchangeably.
Not all data attached to an electronic document and used by the signatory to sign provides the same legal standing as a handwritten signature. To have the same value as a traditional one placed with ink on paper, the e-signature needs to adhere to the requirements of the specific regulation it was created under, so that it can be identified as a digital signature.
The digital signature is the electronic signature which ensures with most certainty the identity of the signer as well as the integrity of the message.


Electronic vs Digital Signatures

Signer’s identity
Electronic signatures: Not verified at all, or checked through a broad selection of methods, including email or phone message – which, however, do not give full certainty for the authentication of the signatory’s identity.
Digital signatures: Certificate-based eIDs that guarantee the authenticity of the signers by verifying their SSN, VATIN, etc.

Content integrity
Electronic signatures: It depends on the provider and on the level of quality and safety of the product they offer. Some e-signatures can be incorporated into the document, but just a few of them are tamper-proof.
Digital signatures: Each signature is bound to the document with encryption so that no alteration is possible either to the signatures or to the signed content. If changes are made to the document after signing, these are easily detectable.

Legal validity
Electronic signatures: Not always accepted as equally valid as a traditional signature - only admitted in some cases.
Digital signatures: Considered as the safest version of e-signature, compliant with the most stringent legal requirements, therefore always admitted, valid, and binding in the EU and worldwide.


How do digital signatures work?

The following is specific technical information on the functioning of our software for the creation and verification of digital signatures.

The lifecycle of Penneo's digital signatures consists of a two-phase process:

creation by the signer with their private key

verification by the recipient with the signer’s public key

The process involves three cryptographic algorithms:


1. The key generating algorithm

This algorithm randomly selects a private key and a corresponding public key for the two parties involved. The keys are presented in the form of random numbers and letters.

The private key of the signer is used to sign the document digitally. It shows that the signature belongs to the right person because they are the only ones with access to that private key.

The signer’s private key should always remain private. On the other hand, their public key must be shared with the recipient to allow the verification of the authenticity of the signature and integrity of the document.

Any person can verify the identity of the author of the signature through the signer’s public key. However, if the signer wants the document to be confidential, they can encrypt the message with the public key of the recipient, so that only the recipient using their private key can decrypt it. As a result, the message is both digitally signed and confidential.


2. The signing algorithm

This algorithm produces the digital signature from the message and private key. A digital signature is a combination of the signed document and the author’s private key.

Any variation in the content of the document or in the private key used to sign it will produce a different result (a different digital signature).


3. The signature verifying algorithm

This algorithm confirms the authenticity of the message.

The process is completely performed by Penneo, and can be summarized as follows:

The content of the document is processed by means of a hashing algorithm to create a unique sequence of numbers and letters representing the document. The signer’s private key is applied to this digest result to sign it on his behalf. The final output is the digital signature of the document.

The digitally signed document is sent to the recipient who will need the sender’s public key to verify its legitimacy. The recipient applies the sender’s public key to decrypt the digital signature and get the digest which is then compared with the hash value attached to the document. If the result is identical, it will verify that the signer’s private key was used to sign and that the document has not been altered.


How are digital signatures created and verified?

To better understand how the process works, let’s suppose that John wants to sign a document and send it to Mary.


How is a digital signature created?

John creates an electronic document in Penneo.

Penneo processes its content through a hashing algorithm. This algorithm creates a unique sequence of numbers and letters (the digest of the document).

Penneo applies John’s private key to the digest result to sign it on his behalf.

The encrypted digest is the document's digital signature. The calculation of the hash result and application of the private key through the signing algorithm is a single process conducted automatically by Penneo's software. The same applies when verifying the digital signature.

John sends the digitally signed document to Mary, the recipient, via Penneo. If John wants to ensure the confidentiality of the document and encrypt it, he checks the box "The case file contains sensitive information". By doing so, Penneo encrypts the message with Mary's public key, so that she must use her e-ID to open the link with the document.


Digital signature creation


How is a digital signature verified?

Mary receives the digitally signed document via Penneo.

If the signer wanted the document to be confidential, she would have to use her private key (that is her digital ID) to decrypt it and gain access.

When Mary receives the document, she can verify the signer's identity and the integrity of the file content via Penneo's Validator. To do so, she can upload the PDF in the Validator, and Penneo will reverse the above-described creation process to verify the legitimacy of the signature and message.

Penneo applies John’s public key to decrypt the digital signature and get the digest.

The digital signature verification consists of the regeneration of the hash value based on the same document and the same algorithm. This hash value is computed with the public key to produce a checksum, which is compared with the signature attached to the document.

If the result is identical, it will verify that the signer’s private key was used to sign and that the document has not been altered.

If Penneo cannot decrypt the digital signature, it's because it did not come from John as only John’s public key can decrypt the digests generated with his private key. If the signature is untampered, the digests should be exactly the same.

Once Penneo gets the digest, the integrity of the document can be checked. The document is processed through the same hashing algorithm used previously for the creation of the signature, and it results in a digest.

Finally, Penneo will have two digests, one based on the digital signature and the other one based on the content of the document. If the document is untampered, the digests should also be exactly the same. If both digests match, Mary can be confident that John is actually the author and that the document has not changed since he signed it. Hence, the content and the digital signature are verified.

If the digests are not equal, this will generate an error message and Mary will know the document has been altered in transit.

The same message will never produce two different hash results, just as two different messages will never produce the same hash result. This means that if the message had been tampered with after it was signed, the hash result calculated by the recipient would not match the hash result calculated and sent by the sender. This is why digital signatures are the safest way to protect data and ensure immutability.
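The hash, sign, and compare-digests flow described in the two sections above, written out as an added example (not Penneo's code). It assumes SHA-256 and textbook RSA without padding, uses constructed demo keys built from well-known Mersenne primes, and all function names are hypothetical; production systems use randomly generated keys and a padded scheme such as RSASSA-PSS.

```python
import hashlib

# Constructed demo keys: Mersenne primes keep the example deterministic.
# They are NOT suitable as real key material.
E = 65537  # common public exponent


def make_keypair(p, q):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # d is the inverse of e mod phi


JOHN_PUBLIC, JOHN_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**607 - 1, 2**1279 - 1)


def digest(document: bytes) -> int:
    """Hash the document and return the digest as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, private_key) -> int:
    """Apply the signer's private key to the digest of the document."""
    n, d = private_key
    return pow(digest(document), d, n)


def verify(document: bytes, signature: int, public_key) -> bool:
    """Recover the digest from the signature with the public key and
    compare it with a freshly computed digest of the received document."""
    n, e = public_key
    if not 0 <= signature < n:  # a valid signature is always below n
        return False
    recovered = pow(signature, e, n)
    return recovered == digest(document)


def demo():
    """Three cases a verifier has to tell apart (constructed sample data)."""
    contract = b"John agrees to pay Mary EUR 100."
    altered = b"John agrees to pay Mary EUR 900."
    signature = sign(contract, JOHN_PRIVATE)
    return {
        # Same document, John's key: digests match.
        "untouched": verify(contract, signature, JOHN_PUBLIC),
        # Document changed after signing: fresh digest differs.
        "altered": verify(altered, signature, JOHN_PUBLIC),
        # Signed with another private key: recovered value is not the digest.
        "wrong_signer": verify(contract, sign(contract, OTHER_PRIVATE),
                               JOHN_PUBLIC),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'REJECTED'}")
```
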


Penneo signature verification


What are the advantages of digital signatures?

If you are still hesitant about switching from hand-signatures to digital signatures, here are a few advantages to change your mind:


Digital signatures provide a higher level of reliability and security

Digital signatures are the safest type of signatures since they are virtually impossible to forge. On the other hand, handwritten signatures can be easily forged, changes may be made to the content of the document, and contractual parties can deny having signed it.

A digital signature can protect the document in a safer way than its traditional counterpart from a triple perspective:

The identification of the signatories

The integrity of the document's content

The impossibility to repudiate both the signature and the document

In paper-based processes, you can only have uncontested certainty of these three main features by hiring a notary. Digital signatures ensure both the identity of the signers and the integrity of the documents, as well as the impossibility to deny the signature; therefore, they can be compared to notarized signatures. Moreover, digital signatures ensure all data transfers are end-to-end encrypted.


Digital signatures ensure a better customer experience

The rise of the digital customer has been the major driver of digital transformation. Digital solutions make it easier to meet customers' needs and provide a better experience. Therefore, they grant more business opportunities.

From common citizens to enterprises, nobody can deny the importance of digital signatures to protect their documents. More and more companies are adopting digital signatures and recognizing their huge benefits. Implementing new technologies improves synergies by streamlining workflows, reducing costs, and increasing profits.

Adaptation to this new environment must be recognized as a necessary way to avoid being left behind. The adaptation to modern business is also an advantageous investment to fully appreciate the potentiality of the global digital market. The improvement of efficiency goes hand in hand with the adoption of digital tools.

In this context, digital signatures provide even further reliability in terms of security and data protection. Furthermore, they enable your company to enjoy lots of benefits, such as automating and streamlining workflows.

Traditional signature vs digital signature


Digital signatures reduce the use of paper, thus saving time and money

In today’s fast-paced market, every minute counts.

Paper, ink, stationery, and printing tools are just some of the most evident costs associated with paper-based processes. These costs can easily be eliminated by digitizing manual processes.

Moreover, digital solutions help you save the most important resource: time.

In a paper-based process, a person first needs to come into possession of the document by receiving a mail or printing an email. Then they would physically sign the document and send it to its originator or to the other parties who need to sign it. The latter would need to follow the same steps once again and then return the document to the person who started the process, who will need to verify the validity of the document and the signatures.

Delivery delays could occur, signatures could be forged, or the enclosed documents may be altered. What’s more, the issues increase as multiple signatures are required from different people who may be located in different locations. In that case, the sender would need to mail the signed document to the other parties once he collected all the signatures. This entire process is cumbersome and time-consuming.

Digital signatures represent a cost-effective tool to simplify your processes and reduce turnaround times.

Documents can now be easily signed by partners and customers around the world at any time and from every device. It only takes a few minutes. You only need an internet connection to digitally sign a document or collect signatures remotely.

With digital signatures, delays are minimized since there is no need to wait for mailing documents back and forth by post. The automated process of digital signing streamlines workflows by eliminating many sequential steps.


How do I send a digital signature request via Penneo?

It's easy to send out documents for digital signature with Penneo. Follow these simple steps and your documents will be signed in no time!

1. Log in to your Penneo account: You can choose to log in via digital ID or by typing in your username and password.
2. Select "Create new case file"
3. Fill in the document details: Type in the document name, select your preferred automated signing flow, and enable additional security measures.
4. Upload the document: You can upload both documents and attachments here. With Penneo, you can digitally sign PDFs by uploading PDF files here.
5. Add recipients: Fill in the details of the people who need to sign the document. On top of that, you can select additional security options during this step.
6. Review and send: Preview your documents and make sure all the details are correct. You can then send out the documents for signing with the touch of a button.

Do you need more information on how to create a digital signature request with Penneo? Check out our video tutorial on how to send out documents for signing with Penneo.


How do I digitally sign with Penneo?

It's easy to digitally sign documents with Penneo. Follow these simple steps and sign documents in a matter of minutes!

1. Open the email from Penneo: After opening the email, just click on "Click here to read your documents".
2. Validate your identity: Select the digital ID you wish to use and log in with it to confirm your identity.
3. Read all the documents and attachments
4. After going through all the documents, click on "Go to signing"
5. Sign the document using your digital ID (eID)

Do you need more information on how to digitally sign a document with Penneo? Check out our support article on how to digitally sign with Penneo.


How much does a digital signature software cost?

Penneo's digital signature solution prices start from € 129/month.

However, we don't believe in the one-size-fits-all approach. When it comes to digital signatures, you should only pay for what you need. Therefore, we provide a wide range of plans and packages - just choose the one that best fits your needs.


Why choose Penneo’s digital signature software?

Our digital signatures can be used as proof of trustworthiness in terms of authenticity, data integrity, and non-repudiation, that are the three core security services for the validity of an e-signature. But how do we achieve this level of security?

Signer authentication: to be 100% sure about who is actually the author of the e-signature, Penneo uniquely identifies signers by using certificate-based Digital IDs issued by TSPs or Certificate Authorities (CAs); a unique PID (Personal Identifier) is also printed on the document so that the signer’s certificate is cryptographically bound to it.

Content integrity: to prevent tampering, once the digital signature has been submitted the entire package is signed by Penneo that acts as a kind of notary and prints a unique watermark ID on the document; every step is captured in a secured audit trail that makes it extremely easy to verify if the document has been altered in transit.

Non-repudiation: to document intent and consent, digital signatures can only be applied through Penneo’s signature platform, where the user must accept a declaration of consent before signing; this statement contains an overview of the documents and is stored as a part of the signature itself; additionally, each digital signature is time-stamped so that the trusted time of generation can be identified and used as non-repudiation evidence.

But the list does not end here. Equally important is the attention we pay to encryption and data protection to safeguard the privacy of your confidential information. Not to mention all the capabilities and features you can rely on to easily customize, integrate, and automate your signing flows.

Companies around the globe are thriving in this fast-growing marketplace. Invest in digital solutions to get the most out of this ongoing advancement. You’ll save money and boost your security while giving your business a competitive edge. What are you waiting for?


Sign up for a free trial of Penneo now!
