Electronic Signatures and Digital Signatures

Electronic Signatures

There are a plethora of ways to define what an electronic signature is. The exact definition can vary from person to person, industry to industry, state to state, or country to country. In all this chaos, however, there are commonalities that can be used to determine what an electronic signature actually is.

In the United States, there are two legislative acts that are generally referenced when discussing electronic signatures. These acts are:

• Uniform Electronic Transactions Act (UETA)
• Electronic Signatures in Global and National Commerce Act (ESIGN Act)

These acts define electronic signature in almost the same way. Here is the definition from the Electronic Signatures in Global and National Commerce Act, 15 U.S.C. § 7006 (2000):

Electronic Signature

"An electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record."

In oversimplified terms, an electronic signature is something electronic that is:

1. linked to something else in some way, and;
2. accepted by someone who intends to sign the thing to which the electronic signature is linked

While definitions of electronic signatures vary, most describe them in much the same way as the UETA and the ESIGN Act.

Digital Signatures

Digital signatures are NOT the same as electronic signatures. While digital signatures can be used as electronic signatures, they are not the same. A digital signature is a specialized form of electronic signature that offers some very important benefits over more simplistic forms of electronic signatures.

At a high level, a digital signature is the output of a mathematical algorithm that creates a unique digital fingerprint of the content being signed. Importantly, during the digital signature creation process, the algorithm can create a verifiable link between the individual or entity that generated the digital signature and the electronic content being signed.

Furthermore, digital signatures have three important properties that make them far superior to plain electronic signatures. These properties are as follows:

1. Authenticity: Digital signatures are typically implemented using asymmetric cryptography. This process involves two keys — a public key and a private key. The private key is used to create the digital signature and the public key is used to verify or validate the digital signature. As long as the private key remains private and unrevoked, the digital signature uniquely identifies the person or entity that created it.
2. Integrity: As I mentioned earlier, digital signatures are a digital fingerprint of the content being signed. As such, digital signatures act as a form of tamper protection and detection. Changing the content that was signed, changes the fingerprint. So, if someone changes the content that was signed, verification of the digital signature will fail.
3. Non-repudiation: This property of digital signatures follows from the authenticity property. Put simply, it means that the person or entity that has digitally signed the content cannot, at a later time, deny having signed the content.

Electronic and Digital Signatures in KloudSigning

KloudSigning makes use of both electronic signatures and digital signatures.

During the document signing process, the KloudSigning service captures an electronic signature from each signee, or signatory, of a document much like other web-based e-signature solutions do. The electronic signatures of the signees are converted to digital images and, once all signees, or signatories, have signed a document, their electronic signatures are stamped, or written, into the PDF document at the locations signed by each signee. In this way, using KloudSigning is very similar to obtaining a traditional "wet" signature on a document.

KloudSigning uses digital signatures in two ways. First, KloudSigning certifies that a PDF file being signed has not been changed since the document signing process began. This certification process entails creating a digital signature of the original document and changing the permissions on the PDF document so that no further changes are allowed. This digital signature provides a form of tamper protection and can be used to verify that the original PDF document has not been changed.

The second way in which KloudSigning uses digital signatures is by applying a digital signature on top of each electronic signature in the document. When an electronic signature is stamped, or written, into the PDF document, a digital signature of the PDF document is simultaneously written. This digital signature, along with the initial certification signature can be used to verify the state of the PDF document when the signee signed the document. This digital signature can also be used to verify the date and time at which a signee signed the document.

Conclusion

Electronic signatures and digital signatures are often used interchangeably, but they are not the same. Digital signatures are a superior type of electronic signature that can be used to verify the identity of the person or entity that signed a document, provide a means of data integrity to ensure documents are not changed after having been signed, and ensure no party that has signed a document can later deny having signed it.

I hope you found this post informative, and I hope you consider using KloudSigning the next time you need a PDF document signed.