What is an Electronic Signature?

E-signature basics to help you go paperless

By Jerri Ledford, Writer, Editor. Jerri L. Ledford has been writing about technology since 1994. Her work has appeared in Computerworld, PC Magazine, Information Today, and many others.

Updated December 24, 2019

An electronic signature is a bit of data that refers to other electronic data, and is used to verify that a person intended to sign a document, that the signer’s identity was verified, and that the document did not change after the signature was appended. Of course, that makes it all sound fairly simple, but there’s much more that goes into understanding electronic signatures. Here’s what you need to know about electronic signatures, including how they can make your life much easier.

What is an Electronic Signature?

As mentioned above, an electronic signature is technically data about data that proves a person’s intent to sign something, whether it is a legally binding contract, such as a lease or rental agreement, or something else like a timesheet, invoice, or insurance contract. Electronic signatures have been valid in the court’s eyes for quite some time, and have come into common use as more and more data is transmitted from one place to another electronically. However, not all electronic signatures are the same, so it’s important to understand a few key differences before you start using e-signatures to sign everything that comes your way.
The Technology Behind Electronic Signatures

According to the ESIGN Act of 2000, “The term ‘electronic signature’ means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” What’s important in that definition is the phrase “with the intent to sign the record,” because in order for an electronic signature to be valid, a process needs to be in place to capture and retain proof that the signature was rendered with intent. That’s where technology comes in.

How Digital Signatures and Electronic Signatures Differ

It’s also important to understand that the terms ‘electronic signature’ and ‘digital signature’ may be used interchangeably, but they are not the same. A digital signature is the cryptographic technology used to verify and record the intent to sign when an electronic signature is used. The most common way digital signatures do this is with Public Key Infrastructure (PKI).

The best way to think of PKI is to consider having two keys that you only use when signing important documents. One key belongs to you exclusively and no one else can access it. In order to obtain that key, you have to provide proof of who you are, either using your own security certificate or through someone (like a third-party signing provider) who holds a security certificate.

When you create an electronic signature, you can then lock the signature with that key. When you lock the signature, information is captured, including: who you are, how your identity was verified, a timestamp, and a long number (called a hash) that is associated with the second key. When you send the electronic document, with your electronic signature on it, the recipient also receives the second key, called a public key.
The key is used in a mathematical equation to determine a number of things, including whether the number your key generated matches, whether the recipient is authorized to access that document, and whether the document has been tampered with in any way since you signed it.

If everything matches, then the signature is considered a valid, legally binding signature. If, on the other hand, something doesn’t match or the document was tampered with, the signature becomes invalidated. Attached to that signature is the data that is required to prove your intent to sign and your identity so that if there is ever a legal question about your signature on the document, it can be proven in court that your signature is binding.

Knowing all that, it’s also important to understand that not all electronic signatures are the same, nor do they have the same level of security.

Different Types of Electronic Signatures

There are three common types of digital signatures:

The process described above for creating an electronic signature is one that is commonly used by electronic signature providers such as DocuSign and HelloSign. It’s what is called an Advanced Electronic Signature (AES) or a Qualified Electronic Signature (QES). It’s the most secure type of electronic signature available.

A step down from that are basic electronic signatures, which are still protected by a cryptographic key, but rather than you personally holding one key while the recipient has the other, your key is held on an electronic server. These are considered witness signatures, and documents are still protected from tampering or changes once a signature has been applied, but the cryptographic element used isn’t necessarily PKI.

The least secure method of electronic signatures is the click to sign method. Essentially, it’s providing a tick in a box, a scanned image of your real signature, or a typed name as a method of signing.
These types of signatures are often not protected by any cryptographic method, which means the document can be changed once the signature is applied.

Electronic signatures are a great way to quickly sign important documents without the hassle of having to be somewhere in person or the wait of having to send a signed document through the mail or a carrier service. As long as you know the basics, you can use electronic signatures confidently, knowing that your signature is still a binding agreement.
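The two-key process described under "How Digital Signatures and Electronic Signatures Differ", as an added example that is not from the original article or from any signing provider: the signer's private key locks a record holding the signer, the identity check, a timestamp and the document hash, and the public key alone detects an edited document or an edited record. Ed25519, SHA-256, the `Record` type, the function names and the sample lease text are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Record is a hypothetical envelope for the data the article says is captured.
type Record struct {
	Signer, IDMethod, SignedAt, DocSHA256 string
	Signature                             []byte `json:"-"` // not part of signed bytes
}

func (r Record) payload() []byte { b, _ := json.Marshal(r); return b }

func docHash(doc []byte) string { return fmt.Sprintf("%x", sha256.Sum256(doc)) }

// Sign binds signer, identity check, time and document hash under the private key.
func Sign(priv ed25519.PrivateKey, doc []byte, signer, idMethod, at string) Record {
	r := Record{Signer: signer, IDMethod: idMethod, SignedAt: at, DocSHA256: docHash(doc)}
	r.Signature = ed25519.Sign(priv, r.payload())
	return r
}

// Verify needs only the public key; nil means record and document are intact.
func Verify(pub ed25519.PublicKey, doc []byte, r Record) error {
	if !ed25519.Verify(pub, r.payload(), r.Signature) {
		return errors.New("signature record altered or wrong public key")
	}
	if docHash(doc) != r.DocSHA256 {
		return errors.New("document changed after signing")
	}
	return nil
}

// Demo checks constructed sample data: intact, edited document, edited record.
func Demo() (intact, editedDoc, editedRecord error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	doc := []byte("Lease: rent is $1,000 per month.")
	rec := Sign(priv, doc, "Alice Example", "emailed one-time code", "2019-12-24T10:00:00Z")
	forged := rec
	forged.Signer = "Mallory Example"
	return Verify(pub, doc, rec), Verify(pub, []byte("Lease: rent is $100 per month."), rec), Verify(pub, doc, forged)
}

func main() {
	intact, editedDoc, editedRecord := Demo()
	fmt.Println("intact:", intact, "| edited document:", editedDoc, "| edited record:", editedRecord)
}
```

A typed name or ticked box carries no such signature over the document hash, which is why the click to sign method cannot show that a document was changed afterwards.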