The Difference Between Digital Signatures and Electronic Signatures

I don’t know why, but the technology industry loves to use acronyms and words that seem to either overlap with other similar words, or that are a slight variation on a word, but with widely different meanings. This is the case in the world of digitized signatures too. The terms, ‘electronic signature’ and ‘digital signature’ are often used interchangeably, but they are in fact different beasts all together. I’ll explain why below.

What is an electronic signature?

An electronic signature is a way of representing your signature on a computerized document, for example a delivery slip. The term ‘electronic signature’ can refer to several different methods of capturing a signature on a document or device. This includes methods such as using a tablet or mobile app to capture an image of a handwritten signature. It can also be simply typing your name into a signature box. An example of a commonly created electronic signature is when you sign for a delivery on the courier’s digital device.

What is a digital signature?

A digital signature is much more than an electronic signature. Digital signatures become intrinsically linked to the content of the digital document using encryption.

Anyone digitally signing a document needs a digital certificate; the certificate being unique to that individual. The certificate contains a public and a private key – known as a ‘key pair’. Digital signature software works by performing these steps:

1. The software creates a ‘hash’ of the document content. Hashes are representations of the whole content, including images.
2. The signatories certificate is then used to encrypt the hash. This combination of hashing and encryption creates an intrinsic connection between the document and the signatory; digital signing in this way, ties the two together.
3. The document hash is checked using the public key of the certificate to make sure it can be decrypted. It can only be decrypted if the user’s public key matches the private key used to encrypt the document.
4. When the signature is checked using the digital signing software, the original document is hashed again and both the original and signed hash are crosschecked. If there’s a difference between them, then the signature is invalidated.

Because a digital signature is effectively, ‘wrapped up’ in the content of the document, it means that if anyone tries to change anything about that document content, the signature will also change. It effectively invalidates the signature and indicates that the document has been tampered with.

What’s the difference between a digital signature and an electronic signature?

The table below shows a quick, at-a-glance view of some of the key differences between digital signatures and electronic signatures:

Digital Signature

Electronic Signature

Digital signatures are like a lock on a document. If the document changes after the signature is applied, it will show up as an invalidated signature. Electronic signatures are open to tampering.
Digital signatures are very secure. Hashes cannot be easily undone and encryption using a digital certificate is highly secure. Electronic signature’s are not based on standards and tend to use proprietary methods so are intrinsically less secure.
A digital signature is hard to deny. This is also known as non-repudiation. A digital signature is associated with an individual’s private key of a digital certificate. This identifies them as being the signatory, as it is unique. Electronic signatures are much harder to verify.
Digital signatures are nearly always time stamped. This is very useful in a court of law to tie a person to a signature at a specific day and time. Electronic signatures can have a time and date associated with the signature but it is held separate to the signature itself so is open to abuse.
Digital signatures can hold logs of events, showing when each signature was applied. In advanced digital signature products like ApproveMe, this audit trail can even send out alerts if the log is tampered with. Audit logs are not easily applied to electronic signatures.
The digital certificates representing the individual signatories give details of the person signing the document, such as full name, email address and company name – they are tied to the document signature through the certificate. If details of the person placing an electronic signature on a device or document are required, they have to be placed separately to the signature and are not held with the signature itself, therefore are more open to abuse.

What are digital signatures used for?

For these reasons, digital signatures hold up in a court of law far better than electronic signatures. It is much easier to prove who signed the document, when they signed and that their credentials were valid at the time of signing.

One of the really neat things about digital signatures is that they become an intrinsic part of a document lifecycle. So you can imagine that a legal document, like a contract, really benefits from utilizing digital signatures. You can create the contract, share it, agree it, add multiple signatories to it to finalize it and it will all be audited. You know, once it is signed, that it is set in stone. Any changes will show up in an invalidated signature and audit trail.

In a world of electronic documents, a digital signature is the natural way to sign, seal and deliver on a promise.

ApproveMe’s WP E-Signature utilizes propriary digital signature technology to ensure that documents, contracts and legal agreements that are signed on your WordPress website adhere to the strictest esign laws and regulations.

To read more about the digital signature security you can visit this helpful article about WP eSignature security.

Or if you would like to use your WordPress powered website to create, send, and receive digital signatures on your documents and contracts you can learn more about WP E-Signature at www.approveme.com

Success!