Want to know what a digital signature is and how it works? And why more and more businesses are relying on digital document signing? Read on to find out.
What are digital signatures?
Digital signatures are a means to authenticate the identity of signers and the integrity of signed electronic documents and messages. They are admissible as evidence in legal proceedings and provide a higher level of security than handwritten signatures.
eIDAS uses the term advanced electronic signatures to refer to digital signatures. According to the regulation, a digital signature must be:
- uniquely linked to the signer,
- capable of identifying the signer,
- linked to the data signed so that any later change in the data is detectable.
Additionally, the signer needs to have sole control over the data used to create the digital signature.
To meet these requirements, digital signatures employ public key infrastructure (PKI). PKI is a set of roles, technologies, and processes needed to generate and manage cryptographic key pairs and digital certificates. A digital certificate is an electronic file that binds a public key to its owner. The trusted organizations that issue digital certificates in Europe are called Trust Service Providers.
How do digital signatures work?
PKI uses a cryptographic algorithm to generate two keys: a public and a private key. The two keys are different but mathematically connected.
The private key is used to sign the document and should be kept secret. The public key needs to be shared with the recipients so they can authenticate the signature. The only way to validate a digital signature created with a person’s private key is by using the same person’s corresponding public key.
When a person signs a document, the digital signing solution runs the document through a hashing algorithm. This generates a unique numeric representation of the document called a message digest.
The message digest is then encrypted using the signer’s private key. The encrypted message digest is the digital signature of the document.
Next, the digitally signed document is sent to the recipients. The same hashing algorithm is applied again to generate the message digest of the present document after signing.
Using the signer’s public key, the recipients can decrypt the digital signature. If the signer’s public key can decrypt the signature, the signer’s identity is verified.
By decrypting the signature, the recipients also get the digest of the document at the time of signing.
If the two digests are identical, the document has not been tampered with since signing.
A digital signature is only binding when:
- the signer’s public key can validate it and;
- the two digests match.
Learn more about digital signatures
Digital signatures vs. electronic signatures
People often use the term electronic signatures to refer to all online signatures – including digital ones. However, digital signatures are different from simple electronic signatures.
To be considered digital signatures, e-signatures need to meet specific security requirements set by the eIDAS regulation. In conclusion, all digital signatures are electronic signatures, but the opposite does not apply.
Are digital signatures legal in my country?
Under EU’s eIDAS, digital signatures are just as legally binding as traditional signatures placed on a piece of paper. And according to eIDAS, it is not allowed to discriminate against a signature on the grounds that it is in electronic form.
However, there are still a few exceptions where the law requires a handwritten signature. These exceptions are different for each Member State.
Are digital signatures secure?
Yes! Digital signatures allow you to verify the identity of the signers, make sure any documents you send out cannot be modified, and ensure that the signer cannot deny having signed said documents.
What are the benefits of digital signatures?
Besides providing a higher level of security than handwritten signatures, digital signatures will also help you:
- reduce the amount of manual work in preparing, sending, signing, and scanning documents
- remove the need for ink, paper, and postage fees
- make it more convenient for your stakeholders to sign documents
Other advantages of digital signatures are faster contract turnaround, hassle-free compliance with legal requirements, and a positive impact on the environment.
When can I use digital signatures?
Companies across multiple industries and departments use digital signatures to improve efficiency and strengthen data security. Here are some examples of documents that can be signed digitally:
- Annual reports, audit reports, engagement letters, letters of representation, management statements, NDAs, and tax documentation
- Loan & mortgage agreements, board & company documents, insurance policies, pension schemes agreements, leasing offers, voluntary settlements, and repayment agreements
- Lease agreements, purchase contracts, deeds, and real estate web forms
- Employment contracts, company policies & guidelines, and bonus agreements
- General meeting documentation, governance policies, and articles of association
How to sign PDF documents with Penneo
How to verify a digital signature
The main reason digital signatures are more secure than handwritten signatures is that they are virtually impossible to be forged. That is because digital signatures are built on PKI technology, so their data is embedded in the final document and verifiable.
If you want to check the validity of a digital signature, you can do so in several ways:
Sign documents for free with our digital signature solution
Penneo Sign is a secure digital signature solution that provides:
- Signer authentication: To verify that the signer is who they say they are, Penneo employs trusted digital IDs such as NemID, BankID, itsme®, and FTN.
- Document integrity: To prevent anyone from tampering with the content, Penneo places a unique watermark on each signed document. On top of that, our software creates an audit trail that documents every step in the signing process.
- Non-repudiation: When signing a document via Penneo, users need to accept a declaration of consent. The statement contains an overview of the agreement and is part of the signature itself. Additionally, Penneo timestamps every signature with the date and time of creation. As a result, the signature can’t be denied.
- High level of security: Penneo employs encryption and role-based access control. This way, only authorized people can access sensitive data and information.
- Integrations with popular tools and the possibility to build a custom API integration
We hope by now you’ve been convinced of the many advantages of using digital signatures in your organization. So what are you waiting for?
Request a free trial and start signing documents online for free today!