Before we begin, let’s discuss the difference between an electronic signature and a digital signature. There are distinctive differences that are important to understand.
Electronic Signatures
This is a signature that you add to a document located on the Internet. It can be an email or a PDF file. In each case there are different ways to create and add them to the document.
Another electronic signature that you may be familiar with is the one used when a package is delivered to your home that you must sign. Or even at points of sale where you use your credit cards. It seems that electronic signature devices are used more frequently.
It may look like an electronic notebook or a device and will have a field similar to this x______________. This is where you sign your name. This is as good as if you were signing a piece of paper. Indicates that a transaction has been made and you have accepted it by signing your name.
Pro: No cumbersome papers to sign, convenient and safe for the merchant. It serves as a proof of agreement for any chargeback issues.
Swindle: Equipment cost.
Digital signatures
Digital signatures are different and more complicated. Digital signatures are obtained from services like Verisign.
Digital signatures are used to authenticate the author of documents that are sent electronically. You get them from a ‘certificate authority’ site. Quite a few identity checks are required before you can receive your digital signature.
A digital signature comes with a public key authority or PKI. When you request and receive a digital signature, you get two keys. One signature is a public key and the other is a private key.
Pro: Very secure, it involves encryption between sending and receiving the document.
When you digitally sign a document, you use your private key signature. The document is then ‘hashed’, encrypted, and sent to the receiver. They use your public key, which you provided to them earlier. If no changes have been made to the document as confirmed by the private key, the item is decrypted and appears in normal read format.
If for some reason the public key does not work, it means that the item has been tampered with.
Swindle: Some certificates are easier to obtain than others.
Digital signatures are more for technology-based protection and the laws regarding them will depend on state law. Certificates expire, so it is the recipient’s responsibility to confirm that the public key is valid. If you have the key, you must take responsibility for keeping it secure. Common sense must prevail. If you’ve gone to the trouble to get one, don’t give it to others to use.
For additional precautions, consider obtaining a service that provides timestamps on the document. If you think your key was stolen, this can help identify when and by whom it was stolen.
Unless you have a business that requires secure document transmission, it is unlikely that you will need a PKI digital signature. For most of us, the signatures you add to your PDF documents are sufficient.