Want to know what a digital signature is and how it works? And why more and more businesses are relying on digital document signing? Read on to find out.
What are digital signatures?
Digital signatures are a means to authenticate the identity of signers and the integrity of signed electronic documents and messages. They are admissible as evidence in legal proceedings and provide a higher level of security than handwritten signatures.
eIDAS uses the term advanced electronic signatures to refer to digital signatures. According to the regulation, a digital signature must be:
- uniquely linked to the signer,
- capable of identifying the signer,
- linked to the data signed so that any later change in the data is detectable.
Additionally, the signer needs to have sole control over the data used to create the digital signature.
In an open system, such as the Internet, the parties do not know each other in advance. Therefore, to be able to securely use digital signatures, they must have a way to link a digital signature to the person who created it.
To this end, public key infrastructures or PKIs have been developed. In a PKI system, trusted third parties known as Trust Service Providers issue digital certificates. A digital certificate is an electronic file that binds a public key to its owner.
How do digital signatures work?
To create a digital signature, you must use a certificate-based eID (e.g., MitID, itsme®, BankID). Each eID contains a public-private key pair and a digital certificate issued by a Trust Service Provider that binds the public key to its owner.
The private key is used to sign the document and should be kept secret. The public key needs to be shared with the recipients so they can authenticate the signature. The only way to validate a digital signature created with a person’s private key is by using the same person’s corresponding public key.
Here’s what happens, from a technical perspective, when a person creates a digital signature with an eID:
- A hash value of the document at the time of signing is generated.
- The hash value of the document is then signed with the signer’s private key.
Now, let’s see how the signature validation process works.
- A hash value of the signed document is generated. A digital signature is only valid if the hash value of the signed document and the hash value of the document at the time of signing are the same. If the two hash values are different, it means that someone has made changes to the document after signing.
- The digital signature is validated using the signer’s public key (which is included in their digital certificate).
A digital signature is only binding when:
- the signer’s public key can validate it and;
- the hash value of the signed document and the hash value of the document at the time of signing match.
Learn more about digital signatures
Digital signatures vs. electronic signatures
The term electronic signatures refers to all data in electronic form which is attached to or logically associated with an electronic document or message and which is used by the signatory to sign.
The term digital signatures, on the other hand, only refers to electronic signatures that meet the eIDAS requirements for advanced electronic signatures or qualified electronic signatures.
In conclusion, all digital signatures are electronic signatures, but the opposite does not apply.
Are digital signatures legal in my country?
Under EU’s eIDAS, digital signatures are just as legally binding as traditional signatures placed on a piece of paper. And according to eIDAS, it is not allowed to discriminate against a signature on the grounds that it is in electronic form.
However, there are still a few exceptions where the law requires a handwritten signature. These exceptions are different for each Member State.
Are digital signatures secure?
Yes! Digital signatures allow you to verify the identity of the signers, make sure any documents you send out cannot be modified, and ensure that the signer cannot deny having signed said documents.
What are the benefits of digital signatures?
Besides providing a higher level of security than handwritten signatures, digital signatures will also help you:
- reduce the amount of manual work in preparing, sending, signing, and scanning documents
- remove the need for ink, paper, and postage fees
- make it more convenient for your stakeholders to sign documents
Other advantages of digital signatures are faster contract turnaround, hassle-free compliance with legal requirements, and a positive impact on the environment.
When can I use digital signatures?
Companies across multiple industries and departments use digital signatures to improve efficiency and strengthen data security. Here are some examples of documents that can be signed digitally:
- Annual reports, audit reports, engagement letters, letters of representation, management statements, NDAs, and tax documentation
- Loan & mortgage agreements, board & company documents, insurance policies, pension schemes agreements, leasing offers, voluntary settlements, and repayment agreements
- Lease agreements, purchase contracts, deeds, and real estate web forms
- Employment contracts, company policies & guidelines, and bonus agreements
- General meeting documentation, governance policies, and articles of association
How to sign PDF documents with Penneo
Creating a digital signature is quick, secure and convenient. See here how you can sign PDFs online with Penneo.
How to verify a digital signature
The main reason digital signatures are more secure than handwritten signatures is that they are virtually impossible to be forged. That is because digital signatures are built on PKI technology, so their data is embedded in the final document and verifiable.
If you want to check the validity of a digital signature, you can do so in several ways:
- Through a PDF reader
- Using Penneo’s Validator
- Using the EU’s validation platform
Sign documents for free with our digital signature solution
Penneo Sign is a secure digital signature solution that provides:
- Signer authentication: To verify that the signer is who they say they are, Penneo employs trusted digital IDs such as NemID, BankID, itsme®, and FTN.
- Document integrity: To prevent anyone from tampering with the content, Penneo places a unique watermark on each signed document. On top of that, our software creates an audit trail that documents every step in the signing process.
- Non-repudiation: When signing a document via Penneo, users need to accept a declaration of consent. The statement contains an overview of the agreement and is part of the signature itself. Additionally, Penneo timestamps every signature with the date and time of creation. As a result, the signature can’t be denied.
- High level of security: Penneo is a qualified trust service provider (QTSP) that employs encryption and role-based access control. This way, only authorized people can access sensitive data and information.
- Integrations with popular tools and the possibility to build a custom API integration
We hope by now you’ve been convinced of the many advantages of using digital signatures in your organization. So what are you waiting for?
Request a free trial and start signing documents online for free today!