E-Signatures Vs Digital Signatures

SigningHub combines both to get the best of both worlds

Overview of Signing Methods

Electronic signatures and digital signatures are two terms that are commonly used to mean the same thing. Even within the security industry often marketing people tend to use the two terms interchangeably. However this is incorrect as within the technical and legal communities the two terms have very different meanings. When choosing a signing solution it’s very important to know exactly what is being offered.

Here we try to clear up the confusion by explaining the main differences between electronic signatures and digital signatures and describe their relative pros/cons. We also link the theory to what is actually implemented in practise in SigningHub. Read on and you are bound to be impressed with all the different types of signatures supported by SigningHub!

Understanding the differences

Firstly let’s clarify what are the generally accepted meaning of the terms e-signatures and digital signatures:

Electronic signature:

This is any signature that is in electronic form, i.e. as opposed to paper-based ink signatures. Examples of electronic signatures include: a scanned image of the person ink signature, a mouse squiggle on a screen or a hand-signature created on a tablet using your finger or stylus, a signature at the bottom of your email, a typed name, a biometric hand-signature signed on a specialist signing hardware device, a video signature, a voice signature, a click in an “I Agree” checkbox, etc. The list is actually endless. The main point is that an e-sign is any “mark” made by the person to confirm their approval of the document or transaction.

Electronic Signatures

Digital Signatures:

These are actually a subset of electronic signatures because they are also in electronic form. However digital signatures go much further in terms of providing security and trust services:

  1. Signer authentication:
    i.e. proof of who actually signed the document. i.e. digital signatures linking the user’s signature to an actual identifiable entity.
  2. Data integrity:
    i.e. proof that the document has not been changed since signing. The digital signature depends on every binary bit of the document and therefore can’t be re-attached to any other document.
  3. Non-repudiation:
    i.e. the signer should not be able to falsely deny having signed their signature. That is, it should be possible to prove in a court that the signer in fact created the signature.

This leads to some interesting points:
A digital signature can also be considered an e-signature, but the reverse is not true i.e., not all e-sign offer the same security services as digital signatures e.g. consider a basic e-signature like a scanned signature image inserted into a document – this can be easily copied from one document to another by anyone. Also the document can be easily edited after inserting the signature image.
Any mark on a document can capture the intent of the signer to “approve” the contents, i.e. this mark doesn’t necessarily need to look like the person’s hand-signature. Even a simple “X” is sufficient to show the signer’s intent. The issue is in terms of proving who could have made this mark.
To avoid later claims by the person that didn’t know what they were signing, it’s important to be able to show a legal notice to the user which they must confirm so that their signing action can be considered a wilful act.

Pros & cons of each signature type

  Pros Cons
Electronic Signatures
  • Provides better user experience as reflects normal ink signatures when using graphical images
  • Can be easily copied from one document to another
  • Document can be changed easily after signing without detection
  • Unclear who actually signed the document, so signatures can be repudiated
  • Not automatic equivalence to hand-written signatures in most jurisdictions
Digital Signatures
  • Signed document can’t be changed even by a single bit without detection
  • Who signed the document can be determined with a high degree of trust
  • Signers can’t repudiate their signatures
  • Digital Signatures can have equivalence with hand-written signatures in a court
  • Based on cryptographic codes and not ease to associate with normal ink signatures for human users

 

Although digital signatures have most of the benefits in terms of security and trust, to create the best user experience it’s necessary to merge the concept of electronic signatures with digital signatures – and that’s exactly what we have done in SigningHub!

Also traditionally digital signatures were seen as complex and expensive because they required each user to hold their own signing key locally.  However we have worked and overcome both of these limitations in SigningHub. Firstly we shield all the PKI complexity from the user in terms of using digital certificates.  Secondly we allow the use of server-side signing keys thus avoiding the need to deliver keys to end-users, this is a simple and cost-effective solution and allows signing from any device.  Finally many countries have already deployed citizen e-ID cards which contain PKI signing keys, in this case the infrastructure is already deployed and SigningHub is a business application which can use this pre-existing infrastructure thus lowering costs.

free trial button