Electronic Signature: 5 Questions & Answers

TLS 1.2 email encryption according to GDPR

Solving the encryption issue with TLS 1.2

9. May 2019

Companies around the world are optimising their workflows in terms of digitization. Whoever deals with the topic of digital transformation will sooner or later encounter the buzzword "electronic signature". But what is this exactly? The article answers five questions about electronic signatures.

1. What is an electronic signature?

According to the Swiss Federal Office of Communications OFCOM, an electronic signature is a technical procedure which makes it possible to guarantee the authenticity of a document, a message or other electronic data and to ensure the identity of the signatory.
(Source: OFCOM)

The electronic signature (e-signature) is therefore a digitally created signature. It contains algorithms to generate these signatures uniquely and to ensure the integrity of the content. It is therefore traceable by whom, which content was signed.

2. What are the advantages of an electronic signature?

No mediabreak: The sender often sends a document to be signed by e-mail. The recipient prints the document, signs it, scans it again and sends it back by e-mail. With the electronic signature, such a media break no longer occurs and the efficiency can be increased.

Global: It doesn't matter where the signing person may be in the world. The document can be signed quickly and at any time. There is no need for time-consuming and expensive mailing.

Legally compliant proof: You have control over who signed what and when. Print screens or printouts of e-mails can be manipulated and are not a legal proof (see article on e-mail misunderstandings & half-truths). With an electronically signed and sealed document, it is almost impossible to change the content. Also, the identity of the person who electronically signed the document can be clearly identified.

3. Is an electronic signature legally valid?

Whether an electronic signature is legally valid depends on the type of signature. The following types of e-signature exist:

Simple electronic signature: Contains information only on the identity of the author in electronic format. For example, a scanned handwritten signature or a click on the "Buy Now" button in an online shop. The identity of the signatory cannot be proven without any doubt.
Advanced electronic signature: This type of electronic signature adds a certificate to the personal information to seal the content of the document together with the inserted personal information. With a certificate (server certificate) the signature can be therefore be assigned to the signer. By using this method, the integrity of the document can be verified at any time. Signer-related data is also recorded and sealed as part during the signature process. A common application area for an advanced signature are typical business processes (rental business, cost estimates, checklists and complex order forms).
Qualified electronic signature: Is an advanced electronic signature that also features a qualified certificate. The qualified electronic signature is uniquely assignable to a person. Qualified certificates are only given on submission of ID / passport documents. The legal framework specifies when a qualified electronic signature is mandatory (for approx. 5% of all contracts). For example, contracts in the area of financing or banking.

As a result, advanced electronic signatures and qualified electronic signatures are legally effective under consideration of the legal requirements. Interesting: the eIDAS Regulation (Article 25, paragraph 1) states that a signed document does not become invalid when the wrong level of an electronic signature has been used. Excluded from this, however, are those areas where a qualified signature is legally required by law.

4. Is a scanned signature comparable to an electronic signature?

It depends. The scanned signature and the simple electronic signature are equivalent. But an advanced or qualified electronic signature is not the same thing as a scanned signature. Because in this case checksums are computed and usedfor verification. This checksum is generated by the sender when signing the electronic file and is encrypted with a private key. The recipient decrypts the checksum with the corresponding public key. If the checksums match, both parties can be sure that the integrity (unchanged content) of the document is guaranteed. These factors do not apply to a scanned signature or a simple electronic signature.

5. Is an electronic signature the same thing like a digital signature?

The term electronic signature describes the entire process in which the consent to a contract is expressed. The digital signature is a part of the electronic signature and describes the process of checksum creation and encryption.