The topic of this article is thus an approach to the two terms in order to be able to offer companies and others help in safely navigating the search for the right application and the right integration. Let's start with the basic question first to get the initial confusion under control:
What is the difference between digital and electronic signatures?
At first glance, electronic and digital signatures are almost indistinguishable, since signatures are made digitally without much effort, which makes it tempting not to take a closer look at the different types.
The term electronic signature includes a legal term intended to certify the will of the signatory. This is "data in electronic format attached to or logically associated with other electronic data with which the signatory signs", according to Regulation (EU) No. 910/2014 or better known as the eIDAS Regulation. Thus, the form of an electronic signature involves a physical person verifying an action or procedure electronically, leaving a bundle of electronic data, such as date and time. In the case of the electronic signature, there are also different regulations, as well as different legal frameworks, with regard to the origin of the signatures. Now that we have clarified the electronic signature, let's take a step further and look at the digital signature.
The digital signature
In contrast to the electronic signature, there is also the digital signature. The main rule for signatures is that a digital signature is always an electronic signature, but an electronic signature is not automatically a digital signature. With the digital signature, the focus is on authenticating the identity of the sender and confirming that the document is unchangeable from the original. In this context, the digital signature is based on encryption with a public key that meets the requirements of a definition of advanced electronic signatures (FES). What exactly constitutes an FES will be explained in more detail in a separate article in the near future, but we will merely mention it here.
So, in summary, the electronic signature is a much more general expression for electronic data. The digital signature, on the other hand, does not necessarily have a legal character, because this signature is not intended to express the act of will of the signer, but to encrypt the data of a document for security reasons. Thus, by means of the digital signature, the impersonation of a person's identity is avoided and, consequently, the authentication and identification in all possible types and applications of administrative, bureaucratic and/or fiscal processes is made possible. So there are quite a few use cases for this type of signature.
Basically, in the case of signatures in court:
The more evidence the signers capture during the signing process, the higher the likelihood that the particular signed document had the right framework and will be accepted in court.
That's all well and good as far as it goes, but:
What does that mean now?
Overall, the digital signature is thus an essential component of the advanced electronic signature, in contrast to the simple electronic signature, which can be used much more widely. There are therefore different framework conditions for the various signatures in which they can be used. It has also already become clear here that there are obviously various security gradations between the signatures required, and that there must be. We will take a closer look at this topic in a separate article, where we will examine the various types of electronic signature already mentioned here (simple electronic signature (EES), advanced electronic signature (FES) and qualified electronic signature (QES)).
Whether contracts, certificates or other pdf documents are to be signed, the digital and electronic signatures greatly facilitate all processes in all industries, not only in a business process, but also in the administration. The use cases are therefore very versatile. They also always involve trust services, which is what we at TrustCerts are dedicated to: Secure integrity and encryption. The solution we offer and develop with our team should not only facilitate communication and business processes, but also stand for trust and security.
Further information on the eIDAS Regulation can be found at the German Federal Office for Information Security (BSI)