Electronic signature (or e-signature) and digital signature are very similar terms, resulting in some confusion between them. Both indicate that a kind of legally recognized signing operation has taken place with an electronic document. However, the accepted definition of “electronic signature” is much broader than that of “digital signature,” and there are important differences between them.
We’ll discuss these distinctions below, but the takeaway is that certificate-based digital signatures (such as those made with SSL.com’s Document Signing certificates) offer guarantees of authenticity, integrity, and non-repudiation that are not offered by simple electronic signatures.
What is an electronic signature?
The U.S. Electronic Signatures in Global and National Commerce (ESIGN) Act (2000) defines an “electronic signature” as “an electronic sound, symbol, or process, attached to, or logically associated with a contract or other record generated, sent, communicated, received, or stored by electronic means.”
In practice, an electronic signature is often simply an image of a handwritten signature (most commonly made with your finger or stylus on a touchpad or screen). Electronic signing solutions may also include single or multi-factor electronic authentication methods (e.g. PIN, password, email authentication, etc.)
Without more specific information about the processes and technologies used, the term “electronic signature” does not imply any guarantee of third-party validation of a document’s signatory, or of the integrity of a document’s content since it was signed. This can lead to some bad practices – for example, the owner of a company I used to work for just had a scan of their signature that could be pasted into contracts. That’s technically an “electronic signature” according to U.S. law, but we can easily do better than that!
What is a digital signature?
Unlike a simple electronic signature, a digital signature uses a PKI-based digital certificate issued by a certificate authority (CA) that binds an identity (such as a person or company) to a cryptographic key pair. When a document is digitally signed with the signatory’s private key, the document’s exact content and the identity of the signatory are bound together to form a unique digital fingerprint, ensuring:
• Authentication. The identity of a document’s signatory has been validated by a publicly trusted CA.
• Integrity. The content of a document has not been altered since it was signed.
• Non-repudiation. A signatory cannot plausibly deny that they signed a document.
Note that in Adobe Acrobat, a special type of digital signature known as a certification signature may optionally allow limited modifications to a signed document, such as the addition of approval signatures from other parties.
What is a document signing certificate?
A document signing certificate is a type of X.509 certificate, a digital file that binds the identity of a person or organization to a cryptographic key pair consisting of a public and private key. Typically, an applicant generates a key pair and then submits the public key, along with verifiable information about their identity, to a publicly trusted certificate authority (CA) such as SSL.com. Depending on the intended application, the key pair may be generated on the applicant’s computer or within a secure token or hardware security module (HSM). The CA checks the information and, if valid, issues a signed certificate to the applicant. The certificate can then be used to create digital signatures.
What can I sign with a document signing certificate?
Many types of common electronic documents can be digitally signed, including Microsoft Office (Word documents, Excel Spreadsheets, and PowerPoint presentations) and Adobe PDF. However, not all document signing certificates are created equal. Microsoft’s trust store is not the same as Adobe’s, and Adobe’s requirements for document signing certificates are more stringent. When you buy a document signing certificate from a CA, it’s important to make sure that it can be used to create trusted signatures for the types of documents you need to sign.
Is a digital signature the same as an electronic signature or e-signature?
No. An electronic signature (or e-signature) is very broadly defined by by the U.S. Electronic Signatures in Global and National Commerce (ESIGN) act as “an electronic sound, symbol, or process, attached to, or logically associated with a contract or other record generated, sent, communicated, received, or stored by electronic means.” In contrast, a digital signature requires a CA-issued digital certificate and provides assurance of the identity of the signatory and the integrity of the signed document.
Are digital signatures legal and enforceable?
Yes. In the United States, the Electronic Signatures in Global and National Commerce (ESIGN) act gives electronic signatures (including digital signatures) the same legal status as handwritten signatures. U.S. Federal law, as defined in the ESIGN act, is broadly permissive regarding the enforceability of both electronic and digital signatures. However, simple electronic signatures do not provide the guarantees of authenticity, integrity, and non-repudiation offered by certificate-based digital signatures.
Just like in the United States, an electronic signature is also legally admissible in the European Union. The European Union’s Electronic Identification and Trust Services Regulation (eIDAS) recognizes all electronic signatures, but gives greater weight to PKI-based digital signatures. eIDAS recognizes three distinct types of electronic signatures, as well as electronic seals intended for use by legal entities such as corporations and other organizations:
- Electronic Signatures. eIDAS defines an “electronic signature” as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.”
- Advanced Electronic Signatures must be uniquely linked to and identifying of the signatory, must be created using signature data that the signatory can use under their sole control, and any signed data must be tamper-evident. These conditions may be satisfied with a CA-issued digital certificate, such as SSL.com’s Document Signing certificates.
- Qualified Electronic Signatures have the same legal standing as handwritten signatures. A qualified electronic signature requires a certificate-based digital ID issued by a qualified EU Trust Service Provider (TSP) and must be made with a “qualified electronic signature creation device” such as a USB token.
- Electronic Seals are similar to electronic signatures, but are typically associated with legal entities rather than natural persons. eIDAS distinguishes between electronic, advanced, and qualified seals according to the same criteria used for signatures.
As defined by eIDAS, qualified electronic signatures and certificate-based advanced electronic signatures would both also be considered types of digital signatures, as that term is usually used in the US.
What is a Cloud Digital Signature?
Cloud document signing is a method of digitally signing electronic documents using digital certificates whose cryptographic key pairs are securely stored in the cloud rather than a local device. Thus, the digital signatures produced are referred to as cloud digital signatures or remote digital signatures.
In this method, a certificate authority like SSL.com, receives a hashed version of the document then digitally signs and timestamps it before sending the hash back to the client device. By using two-factor authentication (i.e. a one-time password from an authenticator app or SMS code.), only the authorized user can access and employ the document signing certificate for signing.
Creating Secure Cloud Digital Signatures with SSL.com eSigner
SSL.com’s eSigner cloud document signing service lets you conveniently add globally trusted digital signatures and timestamps to your electronic documents with no need for USB tokens, HSMs, or other special hardware. Certificates and signing keys are securely stored in SSL.com’s cloud-based FIPS-compliant hardware appliances. eSigner is available to all SSL.com Document Signing customers, able to apply Adobe-trusted signatures to PDFs, integrated with Adobe Sign and can also sign Microsoft documents..
There are three ways to use eSigner. First is through the intuitive eSigner Express web application. Second is through eSigner DocSignTool, a command-line utility which can be used with scripts and automation processes. Third is through the Cloud Signature Consortium (CSC) API that readily integrates with front-end apps like AdobeSign. To know more about SSL.com eSigner and Adobe Acrobat Sign Integration, please visit our service page.
Digital signatures created through SSL.com eSigner are legal and enforceable under the United States Electronic Signatures in Global and National Commerce (ESIGN) act as well as the laws of many other nations worldwide.
Below are articles demonstrating how eSigner can be used for various document signing processes that aim to create cloud digital signatures:
Remote Document Signing with eSigner CSC API
eSigner DocSignTool Command Guide
Sign Documents in the Cloud with eSigner Express
Document Signing Watch Folder Guide
High-volume Document Signing with Digital Signature eSealing
What is a Certified Signature?
Certified signatures provide a higher level of document control than regular digital signatures. As explained by Adobe, “when you certify a document, you can control the types of changes other people can make.”
Enrolment in eSigner cloud signing provides an option for an SSL.com document signing certificate to generate certified signatures.
Certified signatures from eSigner-enrolled document signing certificates readily comply with the PDF Advanced Electronic Signature (PAdES) standard.
For customers who want signatures that comply with the European Telecommunications Standards Institute (ETSI), SSL.com offers assistance acquiring ETSI-standard document signing certificates from European entities. Once these certificates are acquired, they can then be enrolled in eSigner to produce certified signatures.
How can SSL.com’s PDF document signing certificates be shipped on secure hardware tokens?
Adobe’s technical requirements for digital signatures mandate that private document signing keys be generated and stored on a secure device with two-factor authentication, such as a USB token or hardware security module (HSM). For this reason, SSL.com provides the option to ship its document signing certificates on YubiKey FIPS 140-2 validated security keys. These added layers of security keep your key safe and your digital identity secure.
If you already own a YubiKey FIPS, you can use an attestation process to order and install certificates on the device. For enterprise customers, SSL.com can host document signing keys on an HSM for volume signing operations. If requested, we can also ship document signing certificates on Gemalto tokens.
How can I view information about a digital signature in Adobe Acrobat?
If a PDF opened in Acrobat or Acrobat Reader includes any valid digital signatures, you will see a blue notice bar at the top of the document reading “Signed and all signatures are valid. To view information about a signature, including its chain of trust:
• Click the Signature Panel button at the top right of the notice bar.
• Expand Signature Details… by clicking the caret to the left.
• Click Certificate Details… to open the Certificate Viewer.
For information on digitally signing a PDF, please refer to Sign a PDF in Acrobat Reader.
How can I view information about a digital signature in Microsoft Word?
If your document includes a signature panel:
• Double-click the panel to open the Signature Details window
• Click the View button to open the Certificate window.
• Use the tabs to navigate information about the certificate including its chain of trust (Certification Path).
For more information about inspecting digital signatures in Microsoft Office (including invisible signatures), please refer to Viewing Certificate Information in Signed Microsoft Office 365 Documents.
What is the Adobe Approved Trust List (AATL)?
The Adobe Approved Trust List (AATL) is comprised of certificate authorities (CAs) that meet Adobe’s standards for issuing document signing certificates for use with Adobe Acrobat, Acrobat Reader, and other Adobe products. SSL.com is a member of the AATL program and is trusted by all Adobe products for digital signings.