digitally signing a document on laptop

Electronic Signing vs. Digital Signing Explained

In a world where remote work has exploded, organizations and individuals are looking for ways to continue doing business efficiently and/or improve security. Collecting a wet ink signature when you require it isn't always convenient or possible. There are options available that enable the ability to sign online documents quickly, but it's not always easy to choose.

We're digging into the differences between electronic and digital signing, so you can decide which is best for your use case.

What Is Electronic Signing?

Let's start by discussing electronic signing, or e-signing, which effectively replaces handwritten signatures with a digital version. The most notable advantage is the ease of use, and it allows for the processing of paperwork much faster than traditional scanning, printing or mailing. Through the use of e-signatures, businesses can easily reduce or even eliminate the cost associated with paper, ink and postage. Since the start of the pandemic and with the shift to working remotely, e-signing has soared in popularity.

Generally speaking, electronic signing covers a vast spectrum of applicability and is used in various tasks such as: 

  • A click-wrap acknowledgment of terms and conditions
  • Applying your handwritten signature on a phone or tablet via a stylus or your finger to accept courier deliveries, sign contracts or letters etc.
  • Pasting a scanned copy of your signature into an electronic document
  • Applying a signature by using a generic digital certificate

While an e-signature is legally binding in most places, the most important thing to note is that electronic signing does not require any validation of the signer's identity. It is a good way of collecting an acknowledgment of something, as long as there is no real need to ensure that the signer is the individual who they say they are.

What Is Digital Signing?

Now let's discuss the term digital signing. A digital signature is best explained as an electronic fingerprint — much like a physical fingerprint; it is unique to the person (or entity). The security offered by digital signing is powered through PKI. Here are five key concepts that speak to the strengths of digital signing:

  1. Digital signing requires a digital certificate that utilizes a signing algorithm to create a unique electronic fingerprint validated during and following the digital signing process. A digital certificate is a specific type of file stored in your browser or on hardware, such as a token or smart card.
  2. The digital certificate used for digital signing must be identity-based — meaning the digital certificate is issued to only one individual for whom his or her personal identity has been independently confirmed. Verification is accomplished through that individual's personally-identifying information. Think of it this way: an identity-based digital certificate is a credential comparable to a driver's license or passport. The process of applying for these credentials is very similar.
  3. When a digital signature is created using an identity-based certificate, the "signature" will contain various auditable attributes, such as the signer's name, date and time stamp, the unique digital fingerprint and the certificate's details used to create the signature. Optional attributes can be incorporated into the signature, such as a facsimile of the signer's wet signature, a company logo or an electronic professional or agency seal.
  4. When using tools such as Adobe for digital signing, the digital signature created using an identity-based certificate can be validated each time the document is opened. If multiple digital signatures are applied to the same document, each signature is validated independently when the document is accessed.
  5. Digital signatures that are created with an identity-based certificate are non-repudiable. From a legal perspective and based on policies that govern digital signing, the signature is recognized as belonging to the individual to whom the certificate is associated.

Can I Use Electronic Signatures and Digital Signatures Interchangeably?

A digital signature is not the same as an electronic signature. The term electronic signing is a generic term that covers various processes using electronic technology to acknowledge or enter into an agreement of some sort. Depending on the type of electronic signing deployed, the signature may or may not be construed as legally binding and it does not create non-repudiation. Digital signing is based on the use of a digital certificate that has been issued to a vetted individual. Digital signing also creates a unique fingerprint and an auditable digital signature that is non-repudiable and legally binding.

Image
Electronic Signing Digital Signing • A functional term• Not technically bound to a specific individual or validation process• Created options such as typed names, scanned images or a “click wrap” agreement on a web site• Legal, but not easily audited and can be repudiated• Cannot be validated through electronic means • A legal term• Tied to a specific individual via a PKI-based digital certificate• Created using a digital algorithm to bind the document using a certificate, resulting in a unique “fingerprint”• Non-repudiable and auditable• A “hash” of the content being signed – any tampering will be evident• Digital signing is required when using an electronic seal



Evaluate Your Business Needs and Assess Your Deployment Options

Understanding the fundamental concepts associated with electronic and digital signing is essential when considering your options. HID IdenTrust offers identity-based digital certificates used in the government, financial, health and public sectors. These certificates can be used with Adobe® and Microsoft® products that support digital signing.

Ready to purchase? You can evaluate and purchase HID IdenTrust digital signing certificates on IdenTrust.com.

To learn more about using identity-based, digital signing certificates and other methods for securing your workforce, read our white paper.

Mrugesh Chandarana is Product Management Director for Identity and Access Management Solutions at HID Global, where he focuses on IoT and PKI solutions. He has more than ten years of cybersecurity industry experience in areas such as risk management, threat and vulnerability management, application security and PKI. He has held product management positions at RiskSense, WhiteHat Security (acquired by NTT Security), and RiskVision (acquired by Resolver, Inc.).

Citation

RECENT POSTS