Overview
Electronic signatures and digital signatures are two terms that are commonly used to mean the same thing. Even within the security industry often marketing people tend to use the two terms interchangeably. However this is incorrect as within the technical and legal communities the two terms have very different meanings. When choosing a signing solution it’s very important to know exactly what is being offered.
Here we try to clear up the confusion by explaining the main differences between electronic signatures and digital signatures and describe their relative pros/cons. We also link the theory to what is actually implemented in practise in SigningHub. Read on and you are bound to be impressed with all the different types of signatures supported by SigningHub!
Understanding e-signatures and digital signatures:
Firstly let’s clarify what are the generally accepted meaning of the terms e-signatures and digital signatures:
- Electronic signature: This is any signature that is in electronic form, i.e. as opposed to paper-based ink signatures. Examples of electronic signatures include: a scanned image of the person ink signature, a mouse squiggle on a screen or a hand-signature created on a tablet using your finger or stylus, a signature at the bottom of your email, a typed name, a biometric hand-signature signed on a specialist signing hardware device, a video signature, a voice signature, a click in an “I Agree” checkbox, etc. The list is actually endless. The main point is that an e-sign is any “mark” made by the person to confirm their approval of the document or transaction.
- Digital Signatures: These are actually a subset of electronic signatures because they are also in electronic form. However digital signatures go much further in terms of providing security and trust services:
- Signer authentication: i.e. proof of who actually signed the document. i.e. digital signatures linking the user’s signature to an actual identifiable entity.
- Data integrity: i.e. proof that the document has not been changed since signing. The digital signature depends on every binary bit of the document and therefore can’t be re-attached to any other document.
- Non-repudiation: i.e. the signer should not be able to falsely deny having signed their signature. That is, it should be possible to prove in a court that the signer in fact created the signature.
Digital signatures are created using cryptographic techniques, normally based on PKI systems, where the private signing key is only accessible to the owner. There are many different ways of implementing digital signatures, each offering different levels of security and trust for the above services. Some of these different approaches for implementing digital signatures are described later.
This leads to some interesting points:
- A digital signature can also be considered an e-signature, but the reverse is not true i.e., not all e-sign offer the same security services as digital signatures .g. consider a basic e-signature like a scanned signature image inserted into a document – this can be easily copied from one document to another by anyone. Also the document can be easily edited after inserting the signature image.
- Any mark on a document can capture the intent of the signer to “approve” the contents, i.e. this mark doesn’t necessarily need to look like the person’s hand-signature. Even a simple “X” is sufficient to show the signer’s intent. The issue is in terms of proving who could have made this mark.
- To avoid later claims by the person that didn’t know what they were signing, it’s important to be able to show a legal notice to the user which they must confirm so that their signing action can be considered a wilful act.
The following table summarises the main pros/cons of each type of signature:
| Pros | Cons | |
| Electronic Signatures |
|
|
| Digital Signatures |
|
|
Although digital signatures have most of the benefits in terms of security and trust, to create the best user experience it’s necessary to merge the concept of electronic signatures with digital signatures – and that’s exactly what we have done in SigningHub!