Editor's Note: This article was originally posted in June of 2016 by Janine Marchi. It has since been updated to include new regulations for applying e-signatures and to acomodate advances in digital signatures, including GlobalSign's cloud-based Digital Signing Service.
What's in a name? In this case, quite a bit actually.
The terms electronic signatures and digital signatures are frequently used interchangeably yet there are some key differences and specific reasons for why you might use one over the other. Here at GlobalSign, we commonly speak with organizations confused by the two options and need help determining what type of signature they should adopt into their document signing workflow.
Let’s jump in and break down the differences.
What is an Electronic Signature?
According to the US Federal ESIGN Act, electronic signatures are defined as:
“Electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record."
More loosely, e-signatures are used to refer to any signature that is applied electronically as opposed to on a physical piece of paper. Electronic signatures can be used to confirm content within a document, however not all electronic signatures’ assurance levels are the same in the eyes of the law. If you are in an industry that is highly regulated where you are dealing with personal and/or private information and data –finance or accounting, HR, legal, or healthcare, to name a few – then you might need to consider a more secure option.
What is a Digital Signature?
Digital Signatures are a form of electronic signatures – both are used for document signing – but there are a few important features that make them unique.
Before we go into the details, it might be helpful to take a step back for a moment and look at the security concerns surrounding paper-based documents and workflows. The most common concerns individuals and organizations face when dealing with paper-based documents are:
- Is the person who signed the document who they claim to be? Or, put another way, How can I verify if the signature is valid and hasn’t been forged?
- How do I safeguard (or from the receiver’s perspective, confirm) that the content within the document hasn’t been tampered with?
The existence of notaries was invented to help address these very valid concerns and can be traced all the way back to the ancient Egyptian times (according to the National Notary Association). Notaries today play a key role in assuring the parties of a transaction that the document is authentic and can be trusted.
As we would suspect, the same problems exist in electronic document workflows. Digital signatures were developed to help solve this problem – they are, essentially, the digital equivalent to adding a notarized signature to your paperwork. In the case of digital signatures, a trusted third party, known as a Certificate Authority (CA) is responsible for verifying your identity.
Certificate Authorities bind your identity to a PKI-based digital certificate which allows you to use your certificate to create digital signatures locally using a token or remote using any of the cloud-based signing platforms.
When you apply a digital signature to a document, cryptography binds your digital certificate (provided after vetting the users identity) with the data being signed into one unique “fingerprint.” Just like with a real fingerprint, the cryptographic components that make up your digitally signed document cannot be replicated or altered. This is what makes digital signatures secure and compliant and therefore more powerful in the eyes of the law. Digital signatures can be used to digitally transform, digitally “package” or digitally seal your documents.
In summary, a carefully thought-out and secure cryptographic operation allows digital signatures to assure the following:
- The document is authentic and comes from a verified source
- Identities have been verified by a publicly trusted organization (the CA)
- The document has not been tampered with since being digitally signed as the signature would be displayed as invalid if changes were made
How Can I Tell if a Signature is Digital and Can Be Trusted?
When looking to verify whether a document or PDF has been successfully digitally signed and trusted, the easiest way is to open the signing panel of the document in Adobe reader and see if there is green checkmark next to the signature of the signer, verifying that the signature is indeed authentic and proving the document’s integrity .
If for any reason there is an issue with the signature or document you will see a yellow triangle or red circle warning in the document reader or signer, indicating there is a problem or an invalid signature.
What Types of Signatures are Legally Binding?
Many regulations (e.g. eIDAS) and states are now requiring digital signatures over Electronic Signatures due to the fact that a digital signature provides authenticity and integrity that can be held up in a court system. Deciding what type of signature you want to implement should be dictated by the type of documents you need to sign and the level of authenticity you need the document to uphold.
GlobalSign digital signatures and seals help you meet the following global regulations and standards:
- US ESIGN (Electronic Signatures in Global and National Commerce)
- FDA CFR 21 Part 11
- US UETA (Uniform Electronic Transactions Act)
- US State Professional Engineering (PE) Seals
- UN Model Electronic Signature Law
- Sarbanes-Oxley (SOX)
- eIDAS (advanced & qualified e-signatures, eSeals)
- CNCA (Certification and Accreditation Administration of the People's Republic of China)
If you have questions about your unique use case and whether digital signatures might be required, reach out to one of our friendly PKI experts and we’d be happy to help.
Which Document Signing Platforms Support Digital Signatures?
The good news is that many of the most popular document signing and workflow platforms enable users to apply secure digital signatures. However, the way they are applied and the terminology used by various providers can vary.
DocuSign supports digital signatures and electronic seals. Through integration with GlobalSign, the documents that are digitally signed are verified for their integrity and signer identity.
Adobe Acrobat Sign
Adobe supports two types of digital signatures, Certified and Approval.
Adding a certifying signature to a PDF means you are the author of the document, have finalized its contents and want to secure it against tampering after it has been distributed.
Certified documents display a blue ribbon across the top of the document containing the signer's name and the Certificate issuer - a clear, visual indicator of document authenticity and authorship.
Approval signatures expedite an organization's approval procedure by capturing the electronic approvals made by individuals or departments and embedding them within the actual PDF.
Signatures can be customized to include an image (e.g. your physical signature or official seal) and various signature details (e.g. signing location, date, reason for signing)
Example of Adobe certified digital signature
Microsoft also supports two types of Digital Signatures using a token certificate - visible and non-visible.
Visible Digital Signature
This appears as a signature line, like a physical document. This method is commonly used when you need multiple users to sign documents like contracts or other agreements
An invisible signature is used when you need to provide document authenticity, integrity and origin assurances, but don’t need a visible signature line. Documents with a non-visible signature display a blue ribbon in their task bar.
How Can I Implement Digital Signatures in My Team or Organization?
Now that you understand the difference between Electronic and Digital Signatures, let’s take a look at the different options you have for implementation:
- You can sign locally using a token
- Or you can utilize cloud signature solutions
Your unique digital signature configuration will look different depending on the number of users needing the service, your organizational structure, your IT systems configuration, and other factors.
How Do I Digitally Sign a Document?
Once your IT administrator has taken the steps necessary to enable digital signatures for your organization, digitally signing a document is just as easy taking a pen to a piece of paper!
Want to learn more about how digital signatures can help your business speed up its operations, reduce paper waste, start collaborating digitally, and protect valuable information and data? Check out these great, free digital signature resources.
How Do Digital Signatures Work
Digital Signatures Made Easy eBook
Introduction to Digital Signatures for Architecture, Engineering, and Construction eBook
GlobalSign’s Cloud-Based Digital Signing Service for Enterprises
What’s the Difference between Advanced and Qualified Signatures in eIDAS?