What are digital signatures and how do they work?

The concepts of electronic and digital signatures are often confused. Pop the phrase “What are electronic signatures?” into Google and the results will likely show at least one or two articles about digital signatures. The reverse is true of the term “What are digital signatures?”.

As a business, it’s important to know when to use digital signatures instead of electronic signatures. Electronic signatures will suffice in the vast majority of cases. But in certain situations, a digital signature will provide an extra layer of security.

This is true of industries where the enforceability of contracts and non-repudiation is a priority, when legal requirements dictate the use of digital signatures (such as in the United States), or when a high-value deal is under consideration and the possibility of tampering needs to be completely eliminated.

In this post, we’re going to describe how digital signatures work in plain English while keeping technical jargon at a minimum.

Electronic vs digital signatures

So, what are the key differences between digital and electronic signatures?

Here are the two bare-bones definitions:

What are electronic signatures?

E-signatures are straight forward virtual marks. These marks are added to documents like proposals and contracts, which are usually in PDF, Microsoft Word, or Google Docs formats.

A simple example of an electronic signature is a photograph of a real signature that is uploaded and included at the bottom of an invoice.

Contract management apps like PandaDoc enable both recipients and senders to add fields to documents, quickly create, and add electronic signatures even in third-party applications. PandaDoc also automatically generates a certificate recording the date and time of the signature, thus adding extra security.

What are digital signatures?

Digital signatures are encrypted versions of an original document tied to an individual user. These kinds of signatures are much more secure than their electronic counterparts. But they’re also more difficult to create.

Digital signatures require special certificates from a certificate authority and can only be “written” using special software. The combined cost of the digital certificate (which may need renewing on a regular basis) and the software can be high.

Those are the main differences between the two types of signatures. For a more detailed comparison, take a look at our in-depth article on the topic.

Now, let’s take a look at exactly how a digital signature works.

How do digital signatures work?

Digital signatures rely on “certificates”. A “digital signature certificate” is a secure personal key – a tool for encrypting a document – which is issued by a certificate authority or “CA”. A common infrastructure, called a public key infrastructure (PKI) facilitates the use of digital certificates and public-key cryptography. Your certificate contains specific personal details like your email address, name, location, and more.

Digital certificates

When you purchase a digital signature certificate, you’ll receive both a private and a public key (a “key pair”). During the approval process for a document, at least one signer will share their public key with the other party. If both parties are signing digitally, then both will share their private keys. The public key is used to decipher a document but cannot encrypt it in the first place.

Your certificate is stored on your hard drive. Only you have access to it. Alternatively, a digital certificate may be kept on a special USB stick.

Personal and Public Keys

Whenever you sign a document using your certificate, a hashed version is created. The document’s text is sent through a hashing algorithm, a type of function that turns the original content into a collection of numbers and letters called a digest.

The digest is then encrypted with your personal key. This is your “digital signature” — a protected version of the digest which can only be translated using your public key. Note here that the term signature doesn’t just refer to a virtual mark. It is a combination of both the content of the approved document and your private key.

Matching the digest and the digital signature

The document with the digital signature attached is returned to the sender, who creates a hashed version of the original document using the public key and decrypts the recipient’s digital signature to see the first hash value. If both match then the signature is validated.

It is important to remember this final point: If the content of the signed document was altered after signing, it will not match the hash in the digital signature. Equally, a forged signature will not match the hash of the document.

How to add digital signatures to documents

Before you can add a digital signature to a document, you’ll need to complete two steps:

  1. Purchase a digital certificate and store it securely on your hard drive.
  2. Subscribe to a third-party app that can create digital signatures and attach them to documents.

According to data from G2.com, Adobe and DocuSign are the two most popular digital signature tools. When selecting a solution, make sure you pick one that is uniquely suited to your business needs. There are numerous alternatives available, so be sure to research all your options thoroughly before making a decision and remember to take advantage of any free trials.

Some service providers, for example, allow you to create a “self-signed” digital signature without the need to use a certificate authority. Others offer digital signature features as part of a broader package of document management and tracking tools.

How to add a digital signature in PandaDoc

Here’s how you can add a digital signature to a document using PandaDoc:

  1. Log into your PandaDoc account.
  2. Upload a document by clicking New Document > Upload or open an existing one from the Documents tab.
  3. Select Content > Fields and drag and drop the Signature box into the document.
  4. Click on the field and add your signature (if it’s for you) or send it to your client by hitting the Complete button and following the on-screen prompts.

Why not use a dedicated solution?

If you’re thinking about implementing digital signing processes in your organization, or if you’re legally obliged to do so, then why not opt for a comprehensive document management solution like PandaDoc?

Signatures are just one part of the puzzle when it comes to securely creating, approving, and tracking electronic documents like contracts, proposals, quotes, and so on.

A dedicated solution will allow you to streamline a range of time-wasting tasks. You can also track digital document activity from an in-depth analytics dashboard, test different variations and templates with a view to boosting conversion rates, and automate managerial or legal approval.

If that sounds interesting, take advantage of a free trial or sign up for our forever-free plan.