AdvisorFacts about digital signatures

The advantages of digital signatures are obvious: efficient processes without media discontinuity, quicker conclusion and higher conversion of contracts. This guide explaines what a digital signature is, what types exist and how they work and can be used.

What is a digital signature?

The term digital signature originates from computer science and cryptography. A digital signature describes a mathematical procedure, so-called public-private key infrastructure. In this procedure, the person signing uses a private signature key to generate and calculate a value on a digital document. With the help of a public and freely available verification key (public key), the authenticity and integrity of the signing person can be verified on the digital document. In order to assign the digital signature with the signature key used to this person, the public verification key must be assigned to this person.

Digital vs. electronic signature: essential requirements

What is the difference between a digital signature and an electronic signature?

While the digital signature describes a cryptographic procedure and the technical implementation and generation of it, the electronic signature is a legal term. The EU eIDAS Regulation describes in Article 3 No.10 electronic signatures as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”. Although digital and electronic signatures are often used as synonyms, they differ in technical implementation and technological standards as well as legal and geographical acceptance.

Ideally, a digital signature should:

  • comply with the legal requirements of the EU Regulation eIDAS or the Swiss Federal Law ZertES,
  • use an electronic certificate,
  • include the identity of the signatory to guarantee authenticity, and
  • prove that the digital document cannot be changed after the signature has been put on to it.

If these requirements are fulfilled, a digital signature is referred to as an electronic signature in this context. For this reason, three different types of electronic signature have become established in the European legal area on the basis of the eIDAS Regulation and the Swiss federal law ZertES.

Types of electronic signatures

Simple electronic signature

The simple electronic signature is a digital signature with very low liability and evidential value. There is no legal basis or specified requirements for the design of this type of signature.

Advanced electronic signature

The advanced electronic signature is a digital signature without legal foundation. According to the eIDAS Regulation, an advanced signature enables unique identification and assignment of the signatory (non-repudiation and authenticity) as well as the recognition of a subsequent change on an already signed digital document (integrity). This type of signature has a high probative value, but a lower liability, as there are no legally recognised validation options and the legislator allows a wide scope for the design of the advanced signature.

Qualified electronic signature

The qualified electronic signature is a digital signature with a legal foundation according to the EU regulation eIDAS and the Swiss federal law ZertES. It has a very high evidential value and liability, is equal to the handwritten signature by law and can be verified via validators. Examples of these legally recognised validation options are the validator of the Swiss Federal Administration or the signature verification of the Austrian Rundfunk und Telekom Regulierungs-GmbH. Only the qualified electronic signature guarantees the integrity on a digital document and the authenticity of the signatory in the long term.

How does a electronic signatures and its encryption work?

The encryption

The technical foundation for the electronic signature is a Public-Private Infrastructure (PKI).

To create an electronic signature, in the PKI a cryptographic algorithm generates a key pair with two keys for the person signing, that has a certain length in the coding. One of the keys is public and the other is private. In addition, this key pair must be uniquely assigned to the signing person in order to verify the electronic signature. For this purpose, the signing person needs to get identified once. In this identification process, the public key is linked to the person and he or she authorises this process with the private key.

The electronic signature on the digital document

If the person wants to sign electronically a document in a signature application of Swisscom Trust Services’ partners, the hash value of the document is signed by the person using the private key. This hash value was generated in advance by the signature application according to a specific algorithm and is now forwarded signed to a trust service provider such as Swisscom Trust Services. Swisscom Trust Services ensures that the existing public key belongs to the signing person and, if successful, signs the hash with an electronic certificate and time stamp. The hash value is then sent back to the signature platform and the person confirms the electronic signature on the document using 2-factor authentication method.

Importance of encrypting an electronic signature

The encryption of an electronic signature ensures to guarantee the integrity of the document and the authenticity of a person on the document. In other words, once an electronic signature has been applied, the document can be checked for authenticity and can no longer be changed. The electronic signature can also be used to verify the unique identity of the signatory afterwards.

Application areas of electronic signatures

Junge Frau Sitzt In Einem Sofa Und Liest Auf Ihr Tablet Computer.

Elektronische Signatur auf Arbeitsverträgen

Due to the current shortage of skilled workers, many sectors are currently in the so-called “war of talents”. Perfect timing and speed is of high importance. for instance, companies run the risk of an applicant receiving a better offer while the employment contract is on its way by post. Although the submission of the application documents and the interview already take place online, the complete digital onboarding of a new employee often fails because of the manual signature on the employment contract. With the use of electronic signature this process can be easily digitise.

The industry experts at Swisscom Trust Services will analyse your needs, challenges and previous processes before preparing a proposal. Depending on the use case, this can consist of the integration of a standardised partner solution or a development and implementation of the industry-specific use case.

Learn more
Bürogebäuden In London, UK.

Digital opening a bank account

According to the regulations of the Money Laundering Act (GWG), a customer must be identified when opening an account. Traditionally, this was done in person at the bank branch. Although direct and online banks have been offering the possibility of online identification for some time, they provide the necessary applications and documents for opening an account by post for the customer to sign by hand. This media disruption can be prevented with the help of an electronic signature, as the customer can submit a legally secure and digital declaration of intent in this way.

The industry experts at Swisscom Trust Services analyse your needs, your challenges and your existing processes before preparing a proposal. Depending on the use case, this can consist of the integration of a standardised partner solution or a development and implementation of your industry-specific use case.

Learn more

Legal validity of electronic signatures

Which type of electronic signature do I use for which application? The choice of the right signature type depends on the industry-specific regulatory requirements or internal guidelines in a company. Below you will find a few possible examples of areas of application for the different types of electronic signature.

Type of signature

Liability & evidential value

Examples of regulatory requirements

Examples of documents

Qualified electronic signature

 Very high
  • Contracts that require the written form (e.g. gemäss §126 BGB  in Germany)
  • Documents to be submitted to the Swiss Financial Market Supervisory Authority FINMA
  • Loan contract
  • Employee leasing contract
  • Electronic bank statements from business account
  • Electronic prescription in health care

Advanced electronic signature

 High
  • Contracts that do not require the written form (e.g. §126 BGB in Germany)
  • mobile phone contract
  • rental agreement

Simple electronic signature

 Low
  • No legal requirements
  • internal company documents

Electronic signature vs. seal

In the context of the electronic signature, the term electronic seal is also used. An electronic seal is based on the same technical foundation as an electronic signature. The differences lie in the application and legal validity. While natural persons exclusively use electronic signatures to sign digital contracts, electronic seals are only used by legal persons (e.g. companies). Electronic seals enable companies to reproduce their company stamp or the official seal in the digital space. With the help of electronic seals, the original origin as well as the integrity and authenticity of the legal entity (company) can be proven on a document.

Are you
interested?

Get in contact with an expert

Zoom