So what is a digital signature? Many people unknowingly use the two terms, digital signature and electronic signature, interchangeably, but they are entirely different. You should know the difference between them because the significance of the digital signature is increasing and it can help protect your messages or information.
An e-signature or eSignature, according to the U.S. Federal ESIGN Act, is:
Electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.
So an eSignature does not only mean an image of your signature. It can be the password to your Facebook account or any other account. When you enter a PIN at your ATM, that PIN is also an eSignature. Developed in the mid-9th century, it was mostly used by bankers to transmit and receive important, signed documents, but no longer. Now is the age of the digital signature.
So, what is a digital signature? A digital signature is simply a type of electronic signature that employs asymmetric encryption with invisible digital codes, generating a unique signature certificate whose main purpose is to verify the integrity of a digital document.
According to Techopedia,
A digital signature guarantees the authenticity of an electronic document or message in digital communication and uses encryption techniques to provide proof of original and unmodified documentation.
In fact, the digital signature came into existence because the eSignature was not secure. It was developed with the aim of enforcing more security and preventing outside forgery. The history of the digital signature can be traced back to the 1970s. The first algorithm was invented in 1976, but it was not really effective until 1988.
That being said, all digital signatures are electronic signatures. However, the reverse is not true.
A digital signature is an asymmetric process that uses a key pair, a private key and a public key, which is not owned by anyone other than you. Different vendors provide digital signatures. Generally, they supply the digital signature on a pen drive or similar device that contains both the private and the public key. After receiving it, we need to register our digital signature. We do so by uploading our information along with our public key to the government so that it can verify the authenticity of our digital information in the future.
On the other hand, there are private companies like DocuSign that offer their own digital signatures, implementing their own encryption algorithms.
After registration is complete, our digital signature is ready. However, that does not mean that using the digital signature is secure, because the digital signature itself is not encrypted. This is where a hash function comes in, which helps to encrypt our digital signature. So how does it really work?
First, the sender generates a code from the unsigned certificate using a hash algorithm. Where a third party is involved, the unsigned certificate contains the user ID, the user's public key and information concerning the CA. When we apply our digital signature to the document we want, the system freezes our document or information.
Following this, the digital signature creates a code called a digest using our private key. Keep in mind that the private key is used for authentication. Even a small difference such as a comma produces a different digest. This way, our digital signature gets encrypted using a hash function.
After the receiver gets our document, s/he decrypts it with the public key s/he has received, using the same hashing algorithm that the sender used.
The public key then generates a digest again. Only if the digest generated this way matches the previously generated one is it verified that the document has not been forged by anyone other than the creator or owner. Only then can the message or information be read.
On the contrary, if the digests do not match, the receiver will know that the message has been tampered with. This entire process is called a hash function, and it is a very important step because it helps verify the originality of the document.
An example of a digital signature can be taken from our email. Software companies like Apple, Google and Gmail have already configured it in our systems.
The main difference between a digital signature and an eSignature is that a digital signature is more secure and is authorized by certification authorities, whereas an eSignature has no such authority for the purpose of verification.
Another interesting feature of the digital signature is that the signature can be traced back to the signer's identity, and even the time at which an electronic document, transaction or message was signed can be known. The status of those electronic documents can also be known. There is no such mechanism for eSignatures.
Thus, a digital signature helps authenticate the identity of the owner or creator of digital documents.
For example, when you create a document with a digital signature, it binds a fingerprint (though not a literal one) of the document to your identity.
An electronic signature employs a symmetric system, whereas a digital signature employs an asymmetric system. For instance, when using our ATM PIN, we have to use the one provided by the bank. There is only one PIN for verification, unlike a digital signature, in which there are two keys: private and public.
While both electronic and digital signatures are legally binding, the choice depends on how secure you want your information or message to be.