Are digital signatures and electronic signatures one and the same?

Thomas: No. A digital signature refers to a signature based on public/private key cryptography and the use of public key certificates, while an electronic signature is generally a proof of intent to sign in any suitable manner, even without the use of cryptography (e.g. by just adding a statement of intent etc.). Both notions, however, apply to digitised documents.

Doing a bit of research on the Internet, we can easily find a lot of sources that state that digital signatures are embedded in a public key infrastructure (PKI) and based on certificates, while electronic signatures are not. Is this right?

Thomas: No, it is not correct. An electronic signature is technically wise a more general concept. From a technical point of view, it can also be a digital signature, i.e. when public/private keys are used for signing, as in the case of eIDAS Qualified Signature. Of course, there are some types of electronic signatures that do not necessarily rely on digital signature technology, but when these two notions are combined, it results a powerful signature able to guarantee data authenticity and integrity. It will also reliably detect whether the signed document has been modified after signature and prove signer’s consent over the content of the signed document. The underlying condition is to use state-of-the art cryptographic algorithms.

Which one is the best use when we want to sign legally binding documents?

Thomas: The digital signature is a technical terminology; it has no explicit legal definition under eIDAS, solely an implicit one in the case of the qualified electronic signature. On the other hand, the electronic signature has received a legal recognition thanks to eIDAS Regulation. This means that a digital document signed with an electronic signature cannot be denied as evidence in a trial solely on the grounds that it is in a digital form.

Furthermore, when meeting certain eIDAS requirements, an electronic signature can even have the equivalent legal effect of the handwritten signature. This is the type of electronic signature that bears the name of qualified electronic signature. This is why we recommend an electronic signature based on Public Key Infrastructure and with a suitable level of cryptography, which meets European standards and facilitates interoperability.

 

 

 

 

About Thomas

Thomas Kopp started his professional career in 1987 after having finished studies of mathematics & computer science with diploma degree at the University of Saarbrücken in Germany. During the subsequent 25 years, he took on various professional roles and acquired in-depth knowledge and expert competences in numerous fields of information processing with special focus on parallel computation, network protocols, security infrastructures, PKI and Advanced Electronic Signatures.

Thomas joined LuxTrust S.A. in 2012 as Head of IT Development after having formerly been responsible for the Security Development Department of DIaLOGIKa GmbH in Germany. After becoming responsible for LuxTrust’s IT Department in 2013, he left operational obligations in 2016 to focus on innovations and new technologies as the LuxTrust Chief Scientist.

 

 

 

Disclaimer: The above represents LuxTrust’s understanding of the relevant law or regulation and should not be taken, relied on or interpreted as a legal opinion. Customers are encouraged to seek independent legal advice before taking any action or decision based on this information. LuxTrust may not be held liable for damages that may result from the use and/or interpretation of the information contained in this document.