What is a digital signature and how do I create one are two of the most common questions we are asked.
There is a clear difference between electronic signatures and digital signatures, though confusingly digital signatures are sometimes also referred to as electronic signatures, which does not help matters.
What is a digital signature?
Digital signatures must provide a way to authenticate the signer’s identity.
Authentication is done through the use of a unique Public Key Infrastructure (PKI) signing key for each user and an associated digital certificate, which acts as a digital identity embedded into every signature. Public Key Infrastructure is the technical framework of cryptographic keys and certificates that underpins this.
Every time you create a new digital signature, these technologies get to work to securely bind your identity to the document. The signing key is private and remains under the sole control of the owner, only accessible after appropriate authentication and authorisation checks.
One of the most commonly used types of digital signature is the Qualified Signature.
Under the EU’s eIDAS regulation (shorthand for electronic identification and trust services), Qualified Digital Signatures must be:
- Uniquely linked to the signatory;
- Capable of identifying the signatory;
- Created using means that the signatory can maintain under their sole control;
- Linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;
- Created using a Qualified Signature Creation Device (QSCD) and a qualified digital certificate issued by a trusted Qualified Certificate Authority (CA).
These requirements sound complicated, but together they make Qualified Digital Signatures one of the most secure ways to digitally sign a document in the EU – it is why they are used so extensively in high-trust industries such as banking and government.
How do I digitally sign a document?
To digitally sign a document you need to have a private signing key. Your private signing key must remain under your sole control and be able to prove your identity.
The most common way of creating a digital signature is to use Public Key Cryptography (PKC). Public Key Infrastructures (PKI) are used to deliver PKC.
At a basic level, digital signature solutions require each user to have a public and private key pair which are mathematically linked. The private key remains under the owner’s sole control and is used to sign. When digitally signing a document, a cryptographic code is created, which is embedded into the document.
When the document is verified, the signer’s public key is used to check the digital signature against the document, confirming that the document still matches what was signed.
The public key is created by a Certificate Authority (CA). CAs are independent organisations that provide digital signature authorisation.
The short layman’s version:
When you digitally sign a document your digital identity (your private key) and a unique code are embedded into a document. A public key compares these codes to verify you are who you say you are.
Once this has been verified, your digital signature is created and embedded into the document, and any subsequent change to the document will be detected when the signature is checked.
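The sign-and-verify flow described above, shown end to end as an added example (not SigningHub's or Ascertia's code): a toy CA issues a certificate for a signer, the signer's private key signs the SHA-256 hash of a document, and a verifier checks both that the certificate chains to a trusted CA and that the signature matches the current content, so any alteration is detected. The `SignedDocument` container, the CA and signer names and the in-memory key generation are assumptions for the demo; in practice the key sits in a QSCD and the certificate comes from a CA or QTSP.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignedDocument is a hypothetical container: the document, the signer's
// certificate (the digital identity) and the signature over the document hash.
type SignedDocument struct {
	Content   []byte
	CertDER   []byte
	Signature []byte
}

// BuildPKI constructs a toy root CA and issues a certificate for a signer named
// "Alice Example" (constructed demo data; a real key would live in a QSCD).
func BuildPKI() (roots *x509.CertPool, signerCert *x509.Certificate, signerKey *ecdsa.PrivateKey) {
	now := time.Now()
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	caCert, _ := x509.ParseCertificate(caDER)

	// The signer generates her own key pair; only the public half goes to the CA.
	signerKey, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	signerTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "Alice Example"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	signerDER, err := x509.CreateCertificate(rand.Reader, signerTmpl, caCert, &signerKey.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	signerCert, _ = x509.ParseCertificate(signerDER)
	roots = x509.NewCertPool()
	roots.AddCert(caCert)
	return roots, signerCert, signerKey
}

// Sign hashes the document and signs the hash with the private key. The key
// never leaves the signer; only the signature and certificate travel with the document.
func Sign(content []byte, cert *x509.Certificate, priv *ecdsa.PrivateKey) (*SignedDocument, error) {
	digest := sha256.Sum256(content)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedDocument{Content: content, CertDER: cert.Raw, Signature: sig}, nil
}

// Verify mirrors what a PDF viewer does: (1) check that the signer's certificate
// chains to a trusted CA, (2) recompute the hash of the content as it is now and
// check the signature against it with the public key from the certificate.
// A changed document or an untrusted issuer both fail; on success it returns who signed.
func Verify(doc *SignedDocument, roots *x509.CertPool) (string, error) {
	cert, err := x509.ParseCertificate(doc.CertDER)
	if err != nil {
		return "", err
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("signer certificate not trusted: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return "", errors.New("unexpected public key type")
	}
	digest := sha256.Sum256(doc.Content)
	if !ecdsa.VerifyASN1(pub, digest[:], doc.Signature) {
		return "", errors.New("signature does not match: document altered or wrong key")
	}
	return cert.Subject.CommonName, nil
}
```

Calling `BuildPKI`, then `Sign` and `Verify` on a document returns the signer's name from the certificate; appending even one byte to `Content` afterwards, or verifying against a pool built from a different CA, returns an error instead. That is the whole point of the "cryptographic code" bound to the document: the verifier recomputes the hash from what it has in front of it, so the signature can only match the content that was actually signed.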
How do I digitally sign a PDF document?
PDF is still the most common format for digitally signed documents. Currently, it is one of the most accessible document formats available. PDFs can display verification details of digital signatures – basically, an audit trail.
The audit trail of a PDF document displays who signed the document, when it was signed and whether the document has been altered since – all vital information for ensuring your digital signature's validity.
For archiving and the long-term validation (LTV) of electronic documents, PDF/A is specifically required. This format ensures that all the information needed to display the document is contained within the PDF itself, so the document can be viewed in the same form long into the future (years and years) – even if fonts or other formatting change or are no longer available.
In order to be eIDAS compliant, it is recommended that ETSI PAdES (PDF Advanced Electronic Signatures) is used to ensure that PDF documents are legally binding and can be validated long into the future (Long-Term Archive or LTA). Validation time can be anywhere from a few years to decades, and LTV can be renewed to keep documents valid for hundreds of years.
What digital signature solution does SigningHub offer?
SigningHub offers eIDAS-compliant Advanced and Qualified Signatures and works with global Qualified Trust Service Providers (QTSPs) and Certificate Authorities (CAs) to issue certificates and signing keys for users.
SigningHub also supports remote signing through the use of the Ascertia ADSS SAM Appliance – the first qualified signature creation device (QSCD) to become Common Criteria EN 419 241-2 certified.
SigningHub uses a range of standard digital signature formats – ISO 32000, ISO 18500, ETSI PAdES, XAdES and CAdES.
Want to learn more about digital signatures? We delve into more detail on our digital signature page. We also have extensive information about electronic signatures.
How do I create a digital signature in Word?
To sign documents in Word without having to convert the files to PDF, your files should be in an OpenXML format.
The SigningHub for Word app lets you create verifiable, long-term digital signatures (in XAdES-X-Long format) which are fully compatible with Microsoft Word 2013 and 2016.
Depending on which version of Word you are using, the SigningHub for Word app either appears on Home or under My Apps. Clicking on it opens a SigningHub for Word window within the document so you can insert signature fields for signers or insert a digital signature into a signing field.