“Digital signature” and “electronic signature” are two of the most common concepts we encounter when we want to sign documents electronically. Most of the time they are used interchangeably, which made us wonder… Are there any differences between them, or are they two names for the same thing? Our boffin, Thomas Kopp, Chief Scientist, agreed to answer some quick questions to help us better understand these concepts. We also took the occasion to debunk some of the myths circulating on the Internet regarding electronic and digital signatures.
Are digital signatures and electronic signatures one and the same?
Thomas: NO. A digital signature refers to a signature based on public/private key cryptography and the use of public key certificates, while an electronic signature is generally a proof of intent to sign in any suitable manner, even without the use of cryptography (e.g. by just adding a statement of intent, etc.). Both notions, however, apply to digitised documents.
A bit of research on the Internet quickly turns up many sources stating that digital signatures are embedded in a public key infrastructure (PKI) and based on certificates, while electronic signatures are not. Is this right?
Thomas: No, it is not correct. An electronic signature is, technically speaking, a more general concept. From a technical point of view, it can also be a digital signature, i.e. when public/private keys are used for signing, as in the case of the eIDAS Qualified Signature. Of course, there are some types of electronic signatures that do not necessarily rely on digital signature technology, but when these two notions are combined, the result is a powerful signature able to guarantee data authenticity and integrity. It will also reliably detect whether the signed document has been modified after signature and prove the signer’s consent over the content of the signed document. The underlying condition is to use state-of-the-art cryptographic algorithms.
Which one is best to use when we want to sign legally binding documents?
Thomas: The digital signature is a technical term; it has no explicit legal definition under eIDAS, solely an implicit one in the case of the qualified electronic signature. On the other hand, the electronic signature has received legal recognition thanks to the eIDAS Regulation. This means that a digital document signed with an electronic signature cannot be denied as evidence in a trial solely on the grounds that it is in digital form.
Furthermore, when meeting certain eIDAS requirements, an electronic signature can even have the equivalent legal effect to a handwritten signature. This is the type of electronic signature that bears the name “qualified electronic signature”. This is why we recommend an electronic signature based on Public Key Infrastructure and with a suitable level of cryptography, which meets European standards and facilitates interoperability.
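As an added illustration of the distinction Thomas draws above (example code written for this page, not LuxTrust's or Thomas's own), the Go program below places a non-cryptographic electronic signature, a plain statement of intent appended to the document, beside a digital signature made with a public/private key pair, and then edits the document after signing to show which of the two notices. Ed25519 stands in for the unspecified public-key algorithm; the contract text, signer name and helper names are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

var document = []byte("I agree to the terms of contract #42.") // constructed sample document

// newSigner generates the signer's Ed25519 key pair (hypothetical helper).
func newSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// plainESign models an electronic signature that is only a statement of intent appended to the document (no cryptography).
func plainESign(doc []byte, signer string) []byte {
	return append(append([]byte{}, doc...), []byte("\nSigned: "+signer)...)
}

// plainEVerify can only confirm the statement is present, not whether the text before it changed after signing.
func plainEVerify(signed []byte, signer string) bool {
	return bytes.HasSuffix(signed, []byte("\nSigned: "+signer))
}

// digitalSign signs the whole document with the private key; digitalVerify rejects any later change to doc or sig.
func digitalSign(priv ed25519.PrivateKey, doc []byte) []byte {
	return ed25519.Sign(priv, doc)
}

func digitalVerify(pub ed25519.PublicKey, doc, sig []byte) bool {
	return ed25519.Verify(pub, doc, sig)
}

func tamper(doc []byte) []byte { // simulates a post-signature edit of the contract number
	return bytes.Replace(doc, []byte("#42"), []byte("#43"), 1)
}

func main() {
	pub, priv := newSigner()
	fmt.Println("plain e-signature accepted after edit:", plainEVerify(tamper(plainESign(document, "Alice")), "Alice"))
	sig := digitalSign(priv, document)
	fmt.Println("digital signature valid on original:", digitalVerify(pub, document, sig))
	fmt.Println("digital signature valid after edit:", digitalVerify(pub, tamper(document), sig))
}
```

The statement of intent survives the edit untouched, so the first check still passes, while the digital signature fails on the edited text, which is the integrity property the answer above describes.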
Thomas Kopp started his professional career in 1987 after completing a diploma degree in mathematics and computer science at the University of Saarbrücken in Germany. During the subsequent 25 years, he took on various professional roles and acquired in-depth knowledge and expertise in numerous fields of information processing, with a special focus on parallel computation, network protocols, security infrastructures, PKI and Advanced Electronic Signatures.
Thomas joined LuxTrust S.A. in 2012 as Head of IT Development, having previously been responsible for the Security Development Department of DIaLOGIKa GmbH in Germany. After becoming responsible for LuxTrust’s IT Department in 2013, he stepped back from operational duties in 2016 to focus on innovation and new technologies as the LuxTrust Chief Scientist.