What is a Digital Signature?
A digital signature cryptographically binds a digital signature certificate, issued by a trust services provider (TSP), to a document using public key infrastructure (PKI) technology. Digital signatures validate and authenticate signer identity and document integrity, delivering higher levels of assurance that the signer is who they say they are and that the document hasn’t been altered. Digital signatures are ideal for transactions that require a higher level of security and are necessary in certain countries and regions where companies are required to comply with legal regulations, such as eIDAS in the European Union and ZertES in Switzerland. In some countries, some forms of digital signatures have legal validity equivalent to handwritten signatures.
DigiCert® Document Trust Manager provides secure, trusted digital signatures complying with EU eIDAS and Swiss ZertES signature laws, and other signature laws around the world.
How Does a Digital Signature Work?
A digital signature is built on many layers of security and governance. The signature is generated by applying a mathematical algorithm, or hash function, and a timestamp to the entire document or message; the result is then encrypted using public key cryptography. This method uses a pair of cryptographic keys, private and public, for encryption and decryption. The signer encrypts the hash with their private key, while the reader decrypts it with the signer's public key. The reader then hashes the received document and compares the result with the decrypted hash; a match shows that the document has not been altered since it was signed. The security and distribution of the keys, the attestation to the identity or authentication of the signer, the third parties (Certificate Authorities) that provide the authentication, and the trust level attributed to the signings are governed by Public Key Infrastructure (PKI), a method used widely for securing transactions and communications on the internet.
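The hash-then-sign flow described above, as an added example that is not DigiCert's code: RSA with SHA-256 and PKCS#1 v1.5 padding (RFC 8017), using only the Python standard library. The key pair is a constructed demo key built from two Mersenne primes and is trivially breakable; the function names, sample document and signing time are assumptions made for illustration.

```python
import hashlib

# Constructed demo key: two Mersenne primes, chosen only so the example runs
# offline from the standard library. Trivially factorable; never use for real signing.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent
K = (N.bit_length() + 7) // 8            # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def _encode(document: bytes, signing_time: str) -> int:
    """Hash document and signing time, then apply EMSA-PKCS1-v1_5 padding."""
    digest = hashlib.sha256(signing_time.encode() + b"\x00" + document).digest()
    t = SHA256_PREFIX + digest
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def sign(document: bytes, signing_time: str) -> bytes:
    """Signer: transform the padded hash with the private key."""
    return pow(_encode(document, signing_time), D, N).to_bytes(K, "big")


def verify(document: bytes, signing_time: str, signature: bytes) -> bool:
    """Reader: recover the padded hash with the public key and compare it
    with one recomputed from the document that was actually received."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    return pow(s, E, N) == _encode(document, signing_time)


if __name__ == "__main__":
    doc = b"Pay 100 EUR to Alice"                      # constructed sample
    when = "2024-01-01T00:00:00Z"                      # constructed sample
    sig = sign(doc, when)
    print(verify(doc, when, sig))                      # original document
    print(verify(b"Pay 900 EUR to Alice", when, sig))  # altered document
```

Verification only shows that the holder of the private key signed these exact bytes; tying that key to a person or organization is the job of the certificate and the PKI, which this sketch leaves out.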
Why Do I Need a Certificate for a Digital Signature?
Certificates are issued by a trust services provider (TSP) and/or Certificate Authority such as DigiCert. This certificate is used to facilitate identity assurance and encryption as well as provide secure communications between two entities. A certificate consists of an electronic document that links the data of the signer and the validation of the signature to the unequivocal identification of a natural person or organization.
There are two main types of certificates for digital signatures: Adobe Approved Trust List (AATL) certificates and qualified certificates. The main difference between the two types of certificates is who is certified to issue the certificate. Adobe-approved trusted service providers (TSPs) issue the AATL certificates, while only qualified trust service providers (QTSPs) are allowed to issue qualified certificates. A TSP does not require an independent audit and is not listed in the European Union Trust List, while a QTSP is controlled by a Supervisory Body determined by the country that provides the accreditation. QTSPs may also provide the following trust services:
- Electronic signatures
- Electronic seals
- Electronic time stamps
- Electronic registered delivery services
- Website authentication certificates