What are digital signatures and how do they work?
Digital signatures are highly secure electronic signatures.
They rely on advanced validation technology, called a public key infrastructure (PKI), to ensure the signer’s identity and create a complete audit trail.
It is common to find digital signatures in highly-regulated sectors like healthcare, government, and defense, where the enforceability of contracts and non-repudiation is a priority.
There are also situations in which legal requirements dictate the use of digital signatures, or when a high-value deal is under consideration and the possibility of tampering needs to be completely eliminated.
In this post, we’re going to describe how digital signatures work in plain English while keeping technical jargon at a minimum.
Electronic vs digital signatures
As a business, it’s important to know when to use digital signatures instead of electronic signatures.
Electronic signatures will suffice in the vast majority of cases, and provide significant benefits over handwritten signatures and paper documents.
But in certain situations, a digital signature will provide an extra layer of security. Here are the two bare-bones definitions:
What are electronic signatures?
E-signatures are straightforward virtual marks and represent the most common type of electronic signature.
These marks are added to documents like proposals and contracts, which are usually in PDF, Microsoft Word, or Google Docs formats.
A simple example of an electronic signature is a photograph of a real signature that is uploaded and included at the bottom of an invoice.
PandaDoc also automatically generates a certificate recording the date and time of the signature, thus adding extra security.
What are digital signatures?
Digital signatures are encrypted versions of an original document tied to an individual user. These kinds of signatures are much more secure than their electronic counterparts.
But they’re also more difficult to create.
Digital signatures require special certificates from a certificate authority and can only be “written” using special software.
The combined cost of the digital certificate (which may need renewing on a regular basis) and the software can be high.
Those are the main differences between the two types of signatures. Now, let’s take a look at exactly how a digital signature works.
How do digital signatures work?
Digital signatures rely on “certificates”. A “digital signature certificate” is a secure personal key – a tool for encrypting a document – which is issued by a certificate authority or “CA”.
A common infrastructure, called a public key infrastructure (PKI) facilitates the use of digital certificates and public-key cryptography.
Your certificate contains specific personal details like your email address, name, location, and more.
Conditions governing the use of digital signatures are covered in law. For example, eIDAS in the European Union and the eSign ACT in the United States.
Digital certificates and digital signature technology
When you purchase a digital signing certificate, you’ll receive both a private and a public key (a “key pair”).
During the approval process for a document, at least one signer will share their sender’s public key with the other party.
If both parties are signing digitally, then both will share their keys. The public key is used to decipher a document but cannot encrypt it in the first place.
Your certificate is usually stored on your hard drive. Only you have access to it. Alternatively, a digital certificate may be kept on a special USB stick.
Personal and Public Keys
Whenever you sign a document using your certificate, a hashed version is created.
The document’s text is sent through a hashing algorithm (or hash function), a type of function or mathematical algorithm that turns the original content into a collection of numbers and letters called a digest.
The digest is then encrypted with your personal key. This is your “digital signature” — a protected version of the digest that can only be translated using your public key.
Note here that the term signature doesn’t just refer to a virtual mark. It is a combination of both the content of the approved electronic document and the sender’s private key.
Matching the digest and the digital signature
The document with the digital signature attached is returned to the sender, who creates a hashed version of the original document using the public key and decrypts the recipient’s digital signature to see the first hash value.
If both match then the signature is validated.
It is important to remember this final point: if the content of the signed document was altered after signing, it will not match the hash in the digital signature.
Equally, a forged signature will not match the hash of the document, and verifying the identity of the signee will be impossible.
How to add digital signatures to documents
Before you can add a digital signature to a document, you’ll need to complete two steps:
- Purchase a digital certificate and store it securely on your hard drive.
- Subscribe to a third-party app that can create digital signatures and attach them to documents.
According to data from G2.com, Adobe, DocuSign, and PandaDoc are the most popular digital signature tools. When selecting a solution, make sure you pick one that is uniquely suited to your business needs.
There are numerous alternatives available, so be sure to research all your options thoroughly before making a decision, and remember to take advantage of any free trials.
Some service providers, for example, allow you to create a “self-signed” digital signature without the need to use a certificate authority.
Others offer digital signature features as part of a broader package of document management and tracking tools.
How to add a digital signature in PandaDoc
Here’s how you can add a digital signature to a document using PandaDoc:
1. Log into your PandaDoc account.
2. Upload a document by clicking New Document > Upload or open an existing one from the Documentstab.
3. Select Content > Fields and drag and drop the Signature box into the document.
4. Click on the field and add your signature (if it’s for you) or send it to your client by hitting the Completebutton and following the on-screen prompts.
If you’re thinking about implementing digital signing processes in your organization, or if you’re legally obliged to do so, then opting for a comprehensive document management solution will allow you to streamline your workflows, save employee time, and cut down on costs.
Signatures are just one part of the puzzle when it comes to creating, approving, and tracking electronic business documents like contracts, proposals, quotes, and so on.
Signature solutions enable you to track digital document activity from an in-depth analytics dashboard, test different variations and templates with a view to boosting conversion rates, access e-sign functionality in existing apps with the aid of custom APIs, and automate managerial or legal approval.