What is the difference between an electronic signature and a digital signature?

An electronic signature is any author identification and verification mechanism used in an electronic system. This could be a scan of your real hand-written signature, or any kind of electronic authenticity stamp. It's a generic term that covers a lot of authenticity measures.

A digital signature is a type of electronic signature. It is a signature generated by a computer for a specific document, for the purposes of strong authenticity verification. For example, in asymmetric cryptography, a private key might be used to sign a hash of a document, which anyone in possession of the corresponding public key can verify but not forge. It also prevents modification of the document after the signature is generated. This allows one user to place a digital signature on a document, and many other users to verify that the signature is correct.

A digital signature scheme might work as follows:

  1. Alice generates an asymmetric key pair (e.g. RSA).
  2. Alice computes a cryptographic hash (e.g. SHA256) of the document.
  3. Alice encrypts the hash using her private key.
  4. Alice makes her public key available to anyone who wants it.
  5. Bob downloads the document and a copy of Alice's public key.
  6. Bob computes a cryptographic hash of the document.
  7. Bob decrypts the signature value stored in the document using Alice's public key.
  8. Bob compares the decrypted hash with the hash he computed. If they match, the document is authentic.

In the next scenario, Eve fails to subvert the process:

  1. Alice publishes her public key and the signed document.
  2. Eve downloads them, but wants to modify the document. Since Eve only has the public key, she cannot forge the signature.
  3. Eve modifies the document anyway, and gives it to Bob.
  4. Bob opens the document and checks that the hash matches the signature. It does not, so he knows that the document has been modified or the signature forged.

Disclaimer: IANAL - In terms of legal standing (at least in the UK, pretty sure the US too) an electronic signature, in the form of a scanned image of the signer's hand-written signature, is considered to be legally binding. However, it is often trivial to extract the signature and use it on other documents without the author's permission. In the case of a dispute, most courts require some sort of digital signature of authenticity to prove that the electronic copy of the physical signature is authentic.
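
The eight numbered steps and the Eve scenario from the answer above, written out as an added example (not code from the original answer). It assumes unpadded "textbook" RSA built on two publicly known Mersenne primes so that it runs with the standard library alone; the function names and sample documents are constructed for illustration, and a production system would use a vetted library with a padded scheme such as RSASSA-PSS.

```python
import hashlib

# Toy key material (constructed for this example): two publicly known Mersenne
# primes. Never use such primes or unpadded RSA for real signatures.
P = 2**521 - 1
Q = 2**607 - 1
E = 65537

def generate_keypair():
    """Step 1: Alice derives (public, private) keys from the fixed primes."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest_as_int(document: bytes) -> int:
    """Steps 2 and 6: SHA-256 of the document, as an integer smaller than n."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes, private_key) -> int:
    """Step 3: apply the private-key operation to the hash."""
    n, d = private_key
    return pow(digest_as_int(document), d, n)

def verify(document: bytes, signature: int, public_key) -> bool:
    """Steps 7 and 8: recover the signed hash with the public key and compare."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(document)

def demo():
    public_key, private_key = generate_keypair()
    original = b"Pay Bob 10 GBP"      # constructed sample document
    signature = sign(original, private_key)
    tampered = b"Pay Eve 10000 GBP"   # Eve's modified copy, reusing the old signature
    return {
        "authentic": verify(original, signature, public_key),
        "tampered_document": verify(tampered, signature, public_key),
        "tampered_signature": verify(original, signature ^ 1, public_key),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'REJECTED'}")
```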


So the key differences - very simply explained:

  • Electronic signatures: It's a legal concept that captures intent and consent. It can be anything, from a scripted text, click-to-sign, image or voice image that illustrates an action of consent.
  • Digital signatures: It's the mechanism that secures documents with cryptography.

Oftentimes, to have a legally binding e-signature, you need both to be present as well as proof of intent and due process. Otherwise it can be easily repudiated by the signers.

Some interesting resources that can help:

  • http://www.supreme.state.az.us/opin/pdf2007/cv060280sa.pdf
  • http://www.silanis.com/resource-center/electronic-signature-faqs
  • https://stackoverflow.com/a/2882521

Hope this helps!


They are using the term digital signature to separate it from an electronic fax signature (as one example). Originally fax machines were analog, though electronic. You would use a fax to take a picture of a real handwritten signature, creating an analog electronic representation of it. This would be converted through a modem to the distant end fax machine. Please understand I am grossly oversimplifying my explanation. Digital electronics were still used, but the overall function was analog.