Before we begin let’s discuss the difference between an electronic signature and a digital signature. There are distinctive differences which are important to understand.
This is a signature that you add to a document located on the Internet. It could be an email, or a PDF file. In each case there are different ways to create and add them to the document.
Another electronic signature you may be becoming more familiar with is the one used when getting a package delivered to your home which you need to sign for. Or, even in retail outlets where you use your credit cards. It seems that electronic signature devices are being used more frequently.
It might look like an electronic pad or gadget and will have a field that looks like this x______________. This is where you sign your name. This is as good as if you were signing a piece of paper. It indicates that a transaction has taken place and you have agreed to it by signing your name.
Pro: No cumbersome papers to sign, convenient and secure for the merchant. It serves as proof of agreement for any charge back issues.
Con: Cost of Equipment.
Digital signatures are different and more complicated. Digital signatures are obtained from services like Verisign.
Digital signatures are used to authenticate the author of documents that are sent electronically. You get them from a ‘certificate authority’ site. There are quite a few identity checks required before you can receive your digital signature.
A digital signature comes with a public key authority or PKI. When you apply and receive a digital signature, you get two keys. One signature is a public key and the other is a private key.
Pro: Very secure, involves encryption between sending and receiving the document.
When you digitally sign a document you use your private key signature. Then, the document is ‘hashed’, encrypted and sent to the receiver. They use your public key, which you previously provided them. If no changes have been made to the document as confirmed by the private key, the item is then decrypted and appears in normal reading format.
If for any reason the public key doesn’t work, then it means that the item has been tampered with.
Con: Some certificates are easier to obtain than others.
Digital signatures are more for technology based protection and the laws regarding them will depend on state law. Certificates expire so it is the responsibility of the receiver to confirm the pubic key is valid. If you own the key, you need to take responsibility for keeping it safe. Common sense should prevail. If you’ve gone to all the trouble to obtain one, don’t give it to others to use.
For additional precautions, consider getting a service that provides time stamps on the document. If you think your key has been stolen, this may help pinpoint when and who stole you key.
Unless you have a business that requires the transmission of secured documents it is unlikely that you will need a PKI digital signature. For most of us, the signatures you add to your PDF documents are sufficient.