What is the difference between an Electronic Signature and a Digital Signature?
Book a Demo
"Handwritten signatures" are created when a person makes their mark by hand, on paper, using ink.
Most people are familiar with handwritten signatures. Historically, these were the most accepted method of legally binding a person to a contractual commitment.
Authentication of the signer's identity is confirmed by introducing another signer (co-signer or witness). The co-signer must be present at the time of signing. By co-signing, they confirm identity of the first signer.
Non-repudiation is very difficult with handwritten signatures, as it requires a forensic handwriting expert to prove non-repudiation.
Although far from perfect, and open to forgery right from the outset, handwritten signatures served their purpose, for a while.
GLOBAL LEGAL ACCEPTANCE
The need to sign documents electronically emerged when business transactions started migrating to digital processes.
As is often the case with new technologies, different opinions are formed before global standards are created. Electronic signatures are a prime example of how different opinions can create confusion in technology law.
Although many countries still accept electronic signatures, there is no official standard for them. So they too are more susceptible to forgery and non-repudiation is almost non-existent. Again, to prove authenticity, evidence is needed.
In essence, an electronic signature is nothing more than a digital image attached to an electronic message.
The very basic form of an electronic signature is when you write your name at the bottom of an email, for instance, "Regards, Mark". In many instances of eSign law, this form of signature still binds the sender to the content, making it legally binding under statutory provisions for ordinary electronic signatures.
Electronic signatures have been serving their purpose as a stepping-stone technology, while standards are being created and laws agreed upon, but their days are numbered.
Electronic signatures will always have their place. After all, they are fast, user-friendly, and very convenient. But if you're going to sign a legal contract that could end up in court, an advanced eSignature - or digital signature - is the way to go.
GLOBAL LEGAL ACCEPTANCE
IDENTITY OF SIGNER
Frequently Asked Question:
What type of signature is it when you print and sign a document, then scan and e-mail it?
This question presents another interesting case on how modern technology can create confusion in the absence of updated law.
The fact is, without the presence of the original paper document that has the wet-ink signature on it, the electronic copy is nothing more than a basic electronic signature. Therefore, the signature is open to scrutiny and has no standing in a court of Law.
Instead of asking a customer to print, sign, scan and email a document, rather circulate the document via workflow and sign it with an auditable digital signature.
Digital signatures are also known as advanced electronic signatures (AES), qualified electronic signatures (QES) or trusted electronic signatures.
Across the world, digital signatures are fast becoming the only legally accepted replacement for handwritten signatures. Digital signatures offer inherent security and non-repudiation, which cannot be found in electronic signatures.
Digital signatures make use of a technology known as public-key infrastructure (PKI) cryptography. Not only does this address non-repudiation in a court of Law, but it also protects the integrity of documents and makes them tamper-evident.
GLOBAL LEGAL ACCEPTANCE
IDENTITY OF SIGNER
Digital signature layers
Electronic signature layer
The top layer of a SigniFlow digital signature is an electronic, graphical image. This represents an individual's handwritten signature. The image only has to be captured once, after which the system automatically layers the graphic image in the digital signature.
PKI signing key
Next, the top-middle (yellow) layer embeds a body of evidence about the signer and the process in the X.509 certificate. It embeds the identity of the signer, a trusted timestamp, and the public key needed to verify the signature.
Digital signature layer
The bottom-middle (red) layer stores security information about the document and the signing ceremony. When the signature is applied, it creates an encrypted hash of the document, which is signed and embedded in the PDF.
Every time the signature is verified, a new hash code of the document is created and compared to the original one. If so much as one Bit in the document has changed, the verification will fail. This makes the document tamper-evident.
What is an Advanced Electronic Signature?
Advanced Electronic Signatures (AES or AESign) and Qualified Electronic Signatures (QES) are standard digital signatures, but with a higher-class digital certificate.
Depending on your country, these certificates are usually issued in a face-to-face meeting, where the RA (Registration Authority) follows each CA's (Certificate Authority) pre-approved process to validate identity before issuing AES or QES certificates. These certificates are always stored on a highly secure and protected device, like a FIPS140-2 Level 2 or 3 HSM (Hardware Security Module).
SigniFlow is certificate agnostic, meaning it can sign with any of these certificates. Once the certificate is issued, you set up your SigniFlow account to point to the location of your certificate. Every time you sign, SigniFlow uses your personal digital certificate to cryptographically sign the document.
These types of signatures are the most compliant of all signatures for electronic documents.
How to verify a Digital Signature
Verifying a digital signature created requires minimal effort.
First, open the document in Adobe Acrobat® Reader. The top bar will indicate the validity of the signature on the left. If the document has changed since it was signed, the Adobe Trust indicators will show red or orange exclamation marks. This indicates that the document has been tampered with.
Then, by opening the pen icon in the middle of the left vertical bar of the PDF reader, you can view additional audit information, such as the signer's identity, TSA (Timestamp Authority) timestamp, LTV (Long-term Validation) and other properties.
SigniFlow only uses Adobe Approved Trust List (AATL) certificates to sign documents, which means every signature in the document is a digital signature that can be verified.
Additionally, you can find the signature in the document and click on it. The signature validation status, containing all of the signatory's information, will pop up. By going into the Signature Properties section, you can view further details of the certificate.
The only eSignature platform that allows you to choose between Electronic Signatures and Digital Signatures at no additional cost.
SigniFlow offers two types of signatures to all users. When setting up a workflow, users can set the signature type per recipient.
Request the faster, more convenient Electronic Signature for more basic contracts or internal approvals;
Or ensure maximum security and compliance with regulations by using SigniFlow's trusted free Digital Signature.
In addition, SigniFlow supports all types of internationally accredited Advanced Electronic Signatures (AES) and European Union accredited eIDAS Qualified Electronic Signatures (QES).
Core eSignature Features
Included in Business License
Businesses everywhere have spoken - and we've listened. We get you. Dealing with customers and suppliers, each with their own systems and processes, can be a tedious task.
You need more than just eSign workflow. You need an intuitive tool that understands your day at the office.
We get your office hours
Finally, a software company that has actual people giving its customers - and their customers - 24/7 online support, for free. Our support ninjas are the best in the game.
Connect to any of our 8 international data centres and experience true 99.9% uptime. Over the past 24 months, we've exceeded our 99.5% uptime target across all regions.
IT Security Management
Our Information Security Management System is ISO27001:2013 certified and our Quality Management System is ISO9001: 2015 certified by TÜV Rheinland.
Compliance is our game
SigniFlow's international, segregated security infrastructure ensures customer data is processed in accordance with the most stringent international privacy and cross-border data protection laws, such as GDPR, LGPD and POPI.
The SigniFlow eSignature complies with the EU eIDAS Regulation, the US ESIGN Act, the South African ECT Act, and many other regulations around the world, including countries like Australia, United Kingdom, United Emirates, Qatar, Brazil, Argentina, Peru, Chile, Malaysia, Singapore, Vietnam, and many more.
To find out more about eSignature regulations in your country, contact us for a free consultation.
International Best Practices
Get your business online in minutes
Connect to any of our global Cloud services in your region. Register for a free trial account or get yourself or your business online in minutes by visiting our eSign License Plans and subscribing today.
Own your deployment
SigniFlow's Hybrid technology allows you to deploy SigniFlow in your favourite Data Centre. We support Hypervisor Vitual Machine (VM) and modernised containerised cluster deployments, like Kubernetes.
Bring it in-house
SigniFlow Hybrid technology caters for the most demanding of security use-cases. Deploy SigniFlow in your Server room on a HyperVisor Virtual Machine environment and connect it to your legacy systems.
SigniFlow Hybrid Technology
Technology so powerful, it's changing the game
It's about what you want. Our Hybrid technology was developed by SigniFlow engineers over the course of 8 years, to ensure the most stringent customer demands for choice and security would be met.
Essentially, SigniFlow Hybrid technology allows any customer, in any location, to rapidly deploy their own SigniFlow instance in almost any environment, and any location. The tech does all the heavy lifting for you when it comes to cryptography, identity management, and Public Key Infrastructure (PKI). In addition, it caters to high-security use cases, where customers want to deploy on-premise behind a private firewall or use their own private PKI.
Core Deployment Features
Why choose SigniFlow?
24/7 Online support
We understand your office hours. SigniFlow offers 24/7 online support to all customers.
No matter where you are and no matter what time it is, we are always online to help you meet your deadlines.