The topic of this article is thus an approach to the two terms in order to be able to offer companies and others help in safely navigating the search for the appropriate application and the right integration. Let’s start with the basic question first to get the initial confusion under control:
What is the difference between digital and electronic signatures?
At first glance, electronic and digital signatures are hardly distinguishable, since signatures are made in a digital framework without much effort, which makes it tempting not to take a closer look at the different types.
The term electronic signature encompasses a legal concept that is intended to authenticate the will of the signatory. It is “data in electronic format attached to or logically associated with other electronic data with which the signatory signs”, according to Regulation (EU) No 910/2014 or better known as the eIDAS Regulation. The form of an electronic signature thus involves a physical person verifying an act or procedure electronically, leaving a bundle of electronic data, such as the date and time. In addition, there are different regulations for electronic signatures, as well as different legal frameworks regarding the origin of signatures. Now that we have clarified the electronic signature so far, let’s go one step further, to the digital signature and shed some light on it.
The digital signature
In contrast to the electronic signature, there is also the digital signature. The main rule for signatures is that a digital signature is always an electronic signature, but an electronic signature is not automatically a digital signature. With the digital signature, the focus is on authenticating the identity of the sender and confirming the immutability of the document compared to the original. The digital signature is based on encryption with a public key that meets the requirements of a definition of advanced electronic signatures (FES). What exactly constitutes an FES will be explained in more detail in a separate article in the near future, but we will leave it at this point with just a mention.
So, in summary, the electronic signature is a much more general term for electronic data. The digital signature, on the other hand, does not necessarily have a legal character, because this signature is not intended to express the signatory’s act of will, but rather to encrypt the data of a document for security reasons. Thus, by means of the digital signature, the impersonation of a person’s identity is avoided and consequently the authentication and identification in all kinds and applications of administrative, bureaucratic and/or fiscal processes is made possible. So there are quite a few use cases for this type of signature.
Basically, when it comes to signatures in court:
The more evidence the signer captures during the signing process, the higher the probability that the respective signed document had the right framework conditions and will be accepted in court.
That’s all well and good so far, but:
What does it mean now?
Overall, the digital signature is thus an essential component of the advanced electronic signature, as opposed to the simple electronic signature, which can be used much more broadly. So there are different framework conditions for the different signatures in which they can be used. It has also already become clear here that there are obviously various security gradations between the required signatures and that there must be. We will approach this topic in detail in a separate article, where we will take a closer look at the different types of electronic signature already mentioned here (simple electronic signature (EES), advanced electronic signature (FES) and qualified electronic signature (QES)).
Regardless of whether contracts, certificates or other pdf documents are to be signed, digital and electronic signatures greatly facilitate all processes in all sectors, not only in a business process but also in administration. The use cases are therefore very versatile. They also always involve trust services, which is what we at TrustCerts are dedicated to: Secure integrity and encryption. The solution we offer and develop with our team should not only facilitate communication and business processes, but also stand for trust and security.