The advantages of digital signatures are obvious: efficient processes without media discontinuity, quicker contract conclusion, and higher conversion rates, as well as no costs for paper consumption, logistics, scanning, printing, and dispatch by post. What a digital signature is, which types exist, and how they work and are used, you will learn in this guide.
The term digital signature originates from computer science and cryptography. A digital signature describes a mathematical procedure, the so-called public-private key procedure. In this procedure, the person signing uses a private signature key to generate and calculate a value on a digital document. With the help of a public and freely available verification key (public key), the authenticity and integrity of the signing person can be verified on the digital document. The public verification key must be assigned to this person to assign the digital signature with the signature key.
What is the difference between a digital signature and an electronic signature?
While the digital signature describes a cryptographic procedure and its technical implementation and generation, the electronic signature is a legal term. The EU eIDAS Regulation defines in Article 3 No.10 electronic signatures as "data in electronic form which are attached to or logically associated with other electronic data and which are used by the signatory to sign." Although digital and electronic signatures are often used as synonyms, they differ in technical implementation, technological standards, and legal and geographical acceptance. Ideally, a digital signature should:
Provided these requirements are met, a digital signature is called an electronic signature. This is why three different types of electronic signatures have become established in the European legal area based on the eIDAS Regulation and the Swiss federal law ZertES.
The simple electronic signature is a digital signature with deficient liability and evidential value. There is no legal basis or specified requirements for creating this type of signature.
The advanced electronic signature is a digital signature without legal anchoring. According to the eIDAS Regulation, an advanced signature enables unique identification and assignment of the signatory (non-repudiation and authenticity) and the recognition of a subsequent change on an already signed digital document (integrity). This type of signature has a high probative value but a lower liability, as there are no legally recognized validation options, and the legislator allows broad scope for the design of the advanced signature.
The qualified electronic signature is a digital signature with a legal basis according to the EU regulation eIDAS and the Swiss federal law ZertES. It has a very high probative value and liability, is equal to the handwritten signature by law, and can be verified via a validator. Examples of these legally recognized validation options are the validator of the Swiss Federal Administration or the DSS Demonstration WebApp by the European Commission. Only the qualified electronic signature guarantees the integrity of a digital document and the authenticity of the signatory in the long term.
The technical basis for the electronic signature is a public-private infrastructure (PKI).
To create an electronic signature, the PKI uses a cryptographic algorithm to generate a key pair with two keys for the person signing, which has a certain length in the coding. One of the keys is public, and the other is private. In addition, this key pair must be uniquely assigned to the signing person to verify the electronic signature. For this purpose, the signing person must be uniquely identified once. In this identification process, the public key is linked to the person, and they authorize it with the private key.
Suppose the person wants to sign a digital document electronically in a signature application of Swisscom Trust Services' partners. In that case, the document's hash value is signed by the person using the private key. This hash value was generated in advance by the signature application according to a specific algorithm and is now forwarded signed to a trust service provider such as Swisscom Trust Services. Swisscom Trust Services ensures that the existing public key belongs to the signing person and, if successful, signs the hash with an electronic certificate and timestamp. The hash value is then sent back to the signature platform, and the person confirms the electronic signature on the document using 2-factor authentication.
The technical encryption of an electronic signature makes it possible to guarantee the document's integrity and the authenticity of the person on the digital document. In other words, once an electronic signature has been applied, the document can be checked for authenticity and can no longer be changed. The electronic signature can also be used to verify the unique identity of the signatory afterward.
Due to the shortage of skilled workers, many sectors are in the so-called "war of talents." In this context, the time factor must be addressed. Time and again, companies run the risk of an applicant receiving a better offer while the employment contract is on its way by post. Although the application documents and the interview are submitted online, the complete digital onboarding of a new employee often fails because of the manual signature on the employment contract. This can be digitally mapped with the use of an electronic signature.
The industry experts at Swisscom Trust Services will analyze your needs, challenges, and previous processes before preparing a proposal. Depending on the use case, this can include integrating a standardized partner solution or a development tailored to the use case.
According to the Anti-Money Laundering Act (AML) regulations, a customer must be identified when opening an account. Traditionally, this was done in person at the bank branch. Although direct and online banks have been offering the option of online identification for some time, they provide the necessary applications and documents for opening an account to the customer by post so that they sign them by hand. This media disruption can be prevented with the help of an electronic signature, as the customer can submit a legally secure and digital declaration of intent in this way.
The industry experts at Swisscom Trust Services will analyze your needs, challenges, and current processes before preparing a proposal. Depending on the use case, this can include integrating a standardized partner solution or a development tailored to the use case.
Which type of electronic signature do I use for which application? The choice of the right signature type depends on the industry-specific regulatory requirements or internal guidelines in a company. Below are a few possible examples of use cases for the different types of electronic signatures.
Type of signature |
Liability and probative value |
Examples of regulatory requirements |
Examples of documents |
Qualified electronic signature |
Very high |
|
|
Advance electronic signature |
High |
|
|
Simple electronic signature |
Low |
|
|
In the context of the electronic signature, the term electronic seal is also used. An electronic seal is technically based on the same procedure as an electronic signature. The differences lie in the application and legal validity. While natural persons exclusively use electronic signatures to sign digital contracts, electronic seals are only used by legal persons (organizations). Electronic seals enable companies to reproduce their company stamp or the official seal in the digital space. With the help of electronic seals, the original origin and the integrity and authenticity of the legal entity (company) can be proven on a document.