Blog overview

The digital signature: explained simply

Published on July 8, 2024 · Updated on July 9, 2024
Jasmine Oeschger
Jasmine Oeschger
Digital signature
Jasmine Oeschger
Jasmine Oeschger
 

Whether for e-banking, purchase contracts, offers or online shopping: digital signature technology ensures security in many areas. The term «digital signature» is often confused with «electronic signature». In this article, we will explain the basics of digital signatures and electronic signatures: What is a digital signature? What is the difference between a digital signature and an e-signature? And how can I sign electronically?

What is a digital signature? Definition

Digital signature is an encryption method based on asymmetric cryptography. It ensures that a message has not been modified after sending (integrity) and that it genuinely originates from the indicated sender (authenticity).

In a nutshell: A digital signature can be compared to a personal wax seal on a physical document. An intact seal clearly indicates the origin of a message and that it has not been altered by anybody else.

There are many ways in which we can use a digital signature in our daily lives: for example, it is used every time we visit a secure website.

Digital signature vs. electronic signature: What is the difference?

The term «digital signature» is often used synonymously with «electronic signature». However, they are not the same:

  • «Digital signature» is a technical term. It refers to the mathematical encryption method mentioned above. However, it is also sometimes used in everyday language to simply refer to electronic signatures of any kind.
  • «Electronic signature» (or «e-signature» for short) is primarily a legal term. It refers to the electronic signing of documents. The law distinguishes between three different e-signature standards, which either can or cannot replace a handwritten signature, depending on the document.

Digital signature can be used to create an electronic signature – but it is not always mandatory. There is also a simpler standard which does not require a digital signature.

Would you like to try signing electronically right away?

Are you particularly interested in electronic signing and want to know more about its legal validity, how it works, and where you can get an electronic signature? Then read on in the section «Digital signature in electronic signing».

Digital signature: technology and functionality 

As previously mentioned, digital signature is a mathematical and cryptographic procedure designed to ensure the following attributes of a specific message:

  • Authenticity: The message definitively comes from a specific sender.
  • Integrity: The message has not been altered after sending.

Digital signature works based on asymmetric encryption:

  • The sender has a unique private key assigned to them.
  • The recipient, in turn, can access the matching public key.
  • «Key» refers to various mathematical algorithms that make text unreadable or readable.

The technical infrastructure that generates and provides the key pairs is called Public Key Infrastructure (PKI). The certification authorities (German: Zertifizierungsstellen) which verify the identity of a person or organisation and assign them a specific public key, are an essential part of the public key infrastructure.

How to get a digital signature: the procedure

The main requirement for creating a digital signature is a digital certificate. This is issued by the certification authorities and assigns a key pair (both a private key and a corresponding public key) to an individual or an organisation.

The following graphic illustrates the process of creating a digital signature: 

The process for creating a digital signature (source: Skribble)

Put simply, the creation of a digital signature consists of three steps:

  1. Encryption using a hash algorithm
    The message is converted into a string of characters. Applying the same hash algorithm to the same message will always produce the same string. Important: Even the smallest changes to the message will change the hash algorithm’s results.
  2. Second encryption using the private key
    The hash algorithm’s results are then encrypted using the sender's private key.
  3. Sending or saving of the message
    The unencrypted message is now sent or saved together with the double-encrypted message and the hash algorithm.

Note: If you also want to prevent unauthorised people from reading the message (confidentiality), it can be secured with an additional, separate encryption.

Verification of the digital signature

If the recipient wants to check whether a message really originates from the indicated person – and has not been altered in any way – they can verify the digital signature. The verification of a digital signature also consists of three steps:

  1. Decryption with the public key
    Via the public key infrastructure, the recipient has access to the public key, which matches the sender's private key. The recipient uses this to decrypt the double-encrypted document – and receives the character string generated by the hash algorithm.
  2. Encryption with the hash algorithm
    Next, the unencrypted document is then encrypted by the recipient using the specified hash algorithm.
  3. Comparison of both versions
    The results from step 1 and step 2 are now compared. If the character strings match, one can be sure that the transmitted message has not been altered in any way.

The verification thus proves the following attributes:

  • Authenticity: If the decryption with the public key is possible, this proves that the message was encrypted with the private key of the respective sender – to which only the sender has access.
  • Integrity: By comparing the two versions, one can ensure that the message has not been altered since. Even a single additional space would lead to a different result when applying the hash algorithm and invalidate the digital signature during verification.

Digital signature in electronic signing

Among other things, digital signature is used to create secure, verifiable signatures electronically. It is important to know that legislative authorities define three standards for electronic signing:

  • Simple Electronic Signature (SES): This could be a scanned signature or an attached email signature. Cryptographic encryption (such as a digital signature) is not necessarily required.
  • Advanced Electronic Signature (AES): Here, the digital signature process is employed because the integrity of the signed document needs to be demonstrated, and the signer must be uniquely linked to the signature.
  • Qualified Electronic Signature (QES): In this case, the digital signature is also used to ensure the integrity of the document and the authenticity of the signature. However, additional security requirements apply here, such as a stricter verification of the signer’s identity by the certification authorities.

Good to know: A secure electronic signature is not merely a simple copy of a handwritten signature. Instead, it involves linking data in such a way that the consent of a specific person can be clearly proven.

All three standards for electronic signing

The basics of electronic signing

Are you looking for more information about electronic signing? Here are the key points summarised for you.

What does an electronic signature look like?

Visually, an electronic signature can look various ways: depending on the type, it could be a scan of a handwritten signature, a QR code, or both. However, the crucial point is not the appearance, but the data linkage in the background.

In general, you should be aware that, from a legal perspective, there are three different standards for e-signatures. The type of signature determines which contracts it is legally recognised for.

You can customise the visual signature in Skribble, but the appearance is not important for validity

How does an electronic signature work?

An electronic signature consists of electronic data that is linked to other electronic data and used by a signatory to sign. This can be done in various ways.

For the most secure e-signature standard, the qualified electronic signature (QES), various mathematical encryptions are used. This allows the signature to be clearly assigned to a signatory.

What do you need for an electronic signature?

All you need for an electronic signature is a digital device such as a smartphone, PC, or tablet. Special hardware, such as a card reader and a signature card, is no longer necessary: due to the eIDAS Regulation and the Swiss federal law ZertES, you can create the electronic signature entirely as a remote signature (i.e., as an online signature).

With the online signature, the digital certificate required for signing is no longer stored on hardware (signature card, microchip, etc.), but is managed «remotely» on the servers of a trust service provider and retrieved online as required.

Can I create my own digital signature? 

Yes you can! How you create an electronic or digital signature depends on the respective e-signature standard. There are no special requirements for a simple electronic signature. For example, you can sign on a tablet or attach an email signature.

To create an advanced (AES) or qualified electronic signature (QES), proceed as follows:

1. Digital signature services 

Register with an e-signature provider of your choice. Make sure that the provider offers advanced and qualified signatures in accordance with EU or Swiss law.

Tip:  If you want to generate not only an AES but also a QES, you should take a close look at your potential provider. At Skribble, we have integrated QES as standard. With many other providers, you would have to enter separate contracts for this.

2. Activation or identification

For QES, you must confirm your identity via official certification authorities. This can be done in person or via video call. For the AES, this is not necessary; it can be activated using a mobile phone number.

Tip: With most providers, you need to handle the identification separately. At Skribble, we have seamlessly integrated this step into our service.

3. Now you can sign electronically 

Typically, you upload a document to the provider's platform and add your e-signature. With modern e-signature, you typically confirm your identity using two-factor authentication on your smartphone. You no longer need a signature card, and you can sign online with just a few clicks.

Tip: As a business customer of Skribble, you can integrate your electronic signature into existing systems (e.g., Microsoft SharePoint or GoogleDrive) and sign without any media discontinuity.

Sign now with Skribble! Your first e-signature in just a few clicks.

How do I create an electronic signature?

You can create your own e-signature in cooperation with an authorised provider, such as Skribble. The provider must ensure that all necessary security protocols are followed.

With Skribble, you get legally valid e-signatures under Swiss or EU law. Data management and storage is GDPR-and EU-compliant and the data is stored on highly secure Swiss servers (highest security level Tier IV).

With Skribble, you can get your electronic signature in just a few steps

Why and how to use digital signatures?

The benefits of electronic signatures are clear: Signatories do not need to physically sign the contract. This can save significant personnel and postage costs, especially if the contracting parties are in different locations.

Businesses benefit in various ways:

  • Faster contract completion: All parties can sign the contract within seconds.
  • Cost reduction: More efficient processes and lower staff and printing costs can reduce contract costs by up to 80%.
  • More efficiency: Employees, customers, and partners can work efficiently without unnecessary stacks of paper and media breaks.
  • Location independence: Whether at the home office, at a customer site or on a business trip – business can be conducted everywhere without loss.

Of course, it is important to note: Depending on the legal requirements for your documents, you may need to use recognised, secure signature standards such as the qualified electronic signature. This is legally equivalent to a handwritten signature.

Many people are wondering: Are digital signatures legally valid? That  depends on both the type of document and the type of signature.

In general:

  • If a contract or document is not subject to any specific form requirement, it is legally valid with a simple electronic signature. This applies to orders and notifications, but also to purchase contracts and NDAs.
  • If a contract or document requires written form, then it is only legally valid with a qualified electronic signature. This applies, for example, for signing a fixed-term employment contract digitally in Germany.

Whether a contract requires written form or not is defined by national law, e.g., the BGB in Germany or the OR in Switzerland. If you want to sign a contract digitally, you should therefore be familiar with the form requirements of the respective country.

In addition, it can sometimes make sense to choose a higher e-signature standard than legally required. Because: Even though a contract, such as a simple employment contract, is already legally valid with a simple electronic signature, it lacks evidential weight in the event of a dispute. In this case an advanced or qualified signature carries significantly more weight.

Sign electronically with Skribble

Are you looking for an easy way to sign documents with legal validity? Skribble is one of the best digital signature software products and offers all three e-signature standards on one platform. Identification is also seamless with Skribble, for example via video or in person. There is no need for a smart card or card reader.

How the signing process works

Signing electronically with Skribble is very simple. Once you have registered, you can create your e-signature in just a few clicks. Extra convenient: Skribble can be integrated into your existing software (e.g., Microsoft SharePoint or SAP) via an API. This makes digital contract management easy!

  • Select document

    Integrate Skribble into your existing systems or upload your document to our online platform.

  • Invite signatories

    Sign yourself and/or invite colleagues, partners and customers to sign.

  • Sign at the touch of a button

    Your document is legally signed in seconds - anywhere, on your mobile or desktop.

Legally valid in all cases

Whether with or without formal requirements for a document: With Skribble, you can sign every document with the appropriate legally valid e-signature. Choose between simple, advanced, and qualified electronic signatures (SES, AES, QES). Additional services are not necessary.

This is how you proceed:

  • Select the required e-signature standard and legal jurisdiction.
  • Position the visual signature(s).
  • Sign legally.

Invite your business partners and customers to sign as well: External parties can sign without a Skribble account.

Sign electronically now

Try Skribble for free and sign securely using all three e-signature standards, recognised under both EU and Swiss legislation for e-signatures.

Frequently used for:

  • employment contracts
  • purchase contracts
  • annual financial statements

Digital signature: price 

The exact costs depend on the pricing plan you choose. If you create a lot of signatures, you will usually benefit from a lower cost per unit. For example, the cost of a qualified electronic signature (QES) starts at €2.5 or CHF with Skribble. For more information, please visit our pricing page.

Click here to get an overview of our prices:

Secure e-signing with digital signature technology

A digital signature is a mathematical and technical process that is used to uniquely identify the person sending the signature invitation. At the same time, it can be verified that the message has not been modified.

These properties of a digital signature can be used in many areas – including for electronic signatures. Digital signatures can be used to create secure electronic signatures that are as legally valid as handwritten signatures.

Frequently asked questions about the digital signature

The mathematical process of digital signatures most commonly uses the asymmetric encryption method RSA (e.g., in variations such as RSA-FDH, RSA-PSS, or RSA-OAEP). However, when referring to the legal concept of electronic signatures, there are three standards: the simple, the advanced, and the qualified electronic signature.

A digital signature certificate consists of digital data that confirms specific attributes of individuals or objects. For example, it is often used to establish a person's identity. It can be compared to an electronic ID card.

There are several accredited certification authorities in the EU and Switzerland: A-Trust GmbH in the EU and Swisscom AG in Switzerland. At Skribble, we collaborate with both Swisscom AG and A-Trust (ID Austria) – both are recognised under EU legislation, and Swisscom AG is additionally recognised under Swiss legislation.

Trust services include various services that enable the creation of electronic signatures, electronic seals, electronic time stamps, registered delivery services and website authentication. These include the service of certificate authorities (Zertifizierungsstellen), such as Swisscom AG, which issue digital certificates. E-signature providers such as Skribble collaborate with such trust service providers.

When creating a digital signature, a timestamp can be added. This allows you to verify that the document has not been modified since it was created.

Yes, provided they are advanced or qualified electronic signatures from a trusted provider. A qualified electronic signature is legally equivalent to a handwritten signature in the EU and Switzerland. However, it is important to ensure that the signature provider meets the highest security standards for data protection and storage.

To verify a (qualified or advanced) electronic signature, a software program reads the electronic data. Using the mathematical process of the digital signature and the public key infrastructure, it is possible to identify who created the signature and whether the document has been modified. With a QES validator, you can easily verify qualified electronic signatures yourself.

A digital signature by itself is not sufficient to guarantee the confidentiality of a message. Therefore, additional encryption methods are usually applied to protect the content. Skribble uses additional cryptographic protection with AES-256 and personal RSA keys. This ensures that only authorised people can access the document.

Sign legally valid with
a few clicks

Worldwide usage, hosted in Switzerland.

You can test Skribble for free.
No credit card needed.
Available in English, German and French.