What are Electronic Signatures?

Understanding the different levels and types


For people new to this area, there can be confusion around the strength and legality of electronic signatures. Typical examples of basic electronic signatures include:

Electronic Signatures

Essentially any mark on a document can capture the intent of the signer to approve or accept the contents. The issue is proving who made the mark and that the document was not changed subsequently. Weak forms of electronic signatures, such as a scanned signature image can be easily copied and the document can be edited by anyone after signing without detection.

Electronic signatures are categorised as follows:

  • Click to sign – These include tick boxes, e-squiggles, scanned images, and typed names. By themselves these are not enough to provide good evidence of who signed or protect the document from change. They can however be used in association with an e-signature or digital signature.

    Verification Dialoge

  • e-Signatures – These typically involve the signer applying their hand-signature mark on the document and then this being protected with a cryptographic digital signature. With basic e-signatures, the crypto digital signature part is created using a single server-held signing key. E.g. SigningHub supports basic e-signatures with a witness digital signature. The witness digital signature is applied every time an e-signature mark is applied by the user and cryptographically binds this mark to the document and protects the document from any subsequent changes, thereby ensuring data integrity. This is a long-term signature that includes a trusted timestamp. Strong authentication and authorisation options are available in SigningHub, along with a detailed workflow evidence report (see below). Within SigningHub the single server-held signing key can belong to the enterprise client, rather than the default signing key used by the SigningHub service.
    Verification Dialoge
  • Advanced and Qualified eSignatures – Advanced Electronic Signatures (AES) and Qualified Electronic Signatures (QES) are fully supported in SigningHub. AES and QES provide the highest level of trust and assurance because these use unique signing keys for every signer. This directly links the user’s identity to the signed document such that anyone can verify it on their own using an industry standard PDF reader. Furthermore, as the signer has sole control of their unique private signing key this ensures non-repudiation, i.e. even the service provider cannot be held responsible for creating the signature. SigningHub complies with eIDAS regulations for AES and QES using locally held credentials, such as a National eID card, or importantly remote signing where the user’s key is held securely, server-side. Remote signing has many benefits including the ability to sign from any machine without use of specialist devices like smartcards, hardware tokens and readers.
    The advantage of using AES/QES is that they show exactly who signed the document. This is highlighted below:

    Click to zoom

Electronic signatures are summarised as follows:

“Click to Sign” SignatureseSignatures with Server WitnessAdvanced eSignaturesEU Qualified
User Authentication
User Consent
User’s Signature Mark
Document Integrity
Bind Signer’s ID to Doc
Certify Signature
Embedded Evidence
Long Term Verifiability

QES are a more trusted version of AES because they require the highest levels of security for the protection of the user’s signing key and also a formal registration process for the user to verify their identity by a qualified Certificate Authority. From a legal perspective QES can be considered even stronger than handwritten signatures as the burden of proof shifts to the signer to prove that they did not sign!

Audit Information

In addition to the evidence provided by the e-signature itself, SigningHub also provides additional evidence in the form of detailed audit information on all user actions that affect a document. This is available on screen and also as a digitally signed Workflow Evidence Report (PDF), which is made available to provide clear evidence of actions, at precise dates/times, IP addresses, authentication mechanisms, legal notices and signatures applied.

Click to zoom