Digital signatures explained.

What are digital signatures?

Digital signatures are the most advanced and secure type of electronic signature. You can use them to comply with the most demanding legal and regulatory requirements because they provide the highest levels of assurance about each signer's identity and the authenticity of the documents they sign. Digital signatures use a certificate-based digital ID issued by an accredited Certificate Authority (CA) or Trust Service Provider (TSP), so, when you digitally sign a document, your identity is uniquely linked to you, the signature is bound to the document with encryption, and everything can be verified using underlying technology known as Public Key Infrastructure (PKI).

Secure digital signature

What makes your digital signature so secure?

A digital signature is built to prevent tampering. It’s created, protected, and surrounded by the highest levels of security — from the time your certificate is issued to the time your signed documents are archived and beyond. Here are the main reasons your digital signature is so secure.

Your digital ID is trusted.

Compliant digital IDs come from accredited providers. You need to prove your identity before you can get one.

It all gets encrypted.

Your digital signature and the document you sign are encrypted together and bound with a tamper-evident seal.

It’s unique to you.

Every time you sign a document, you use your own, unique certificate and PIN to validate your credentials and prove you’re who you say you are. 

It’s easy to validate.

Both the signed document and your digital signature can be re-validated by a CA or TSP long after the signing event.

We invented the first digital signatures in PDF.

In 1999, we introduced the first digital signatures in Adobe Acrobat and Adobe Acrobat Reader. Then, we worked with experts and certificate providers across the industry to turn it into an open standard. Adopted by ETSI, the international standard known as PAdES (PDF Advanced Electronic Signatures) is now the basis for billions of signature transactions every year.
Cloud signatures advancing standards
Cloud signatures. Advancing standards again. 
Today, Adobe is leading the way as the first global vendor to deliver open, standards-based digital signatures for web and mobile. Together with industry experts in the Cloud Signature Consortium, Adobe is setting new global standards — and delivering real-world solutions — so you can work with high-assurance digital IDs that are easy to use, easy to deploy, and internationally compliant.

What else do you need to know?

Adobe Sign - Digital Signature FAQs

Is Adobe Sign secure?

Yes. Adobe takes the security of your digital experiences very seriously. In addition to the high assurance methods described above, Adobe Sign is certified compliant with the world’s most rigorous security standards, ISO 27001, SOC 2 Type 2, and PCI DSS used in the Payment Card Industry. It complies with a wide range of privacy regulations, including HIPAA, GLBA, and FERPA in the U.S.  
 
Adobe Sign also employs Adobe Secure Product Lifecycle (SPLC) practices, a demanding set of over 1,000 specific security activities spanning software development practices, processes and tools, integrated into multiple stages of the product lifecycle. Whether related to identity management, data confidentiality, or document integrity, Adobe Sign protects your documents, data, and personal information. To learn more, please visit the Adobe Sign Trust Center.

What problems do cloud signatures solve?

With over 7B mobile devices on the planet, cloud applications gaining broad adoption, and cyber-threats at an all-time high, there is increasing market demand for secure digital solutions that also provide great user experiences. New electronic signature regulations - like the European Union's Regulation on Identification and Trust Services (eIDAS)  - are putting a spotlight on the need for high assurance methods of authenticating the identity of people signing documents. The highest levels of compliance require certificate-based IDs stored on USB tokens or smart cards, but they're complicated to enable and install, work with desktop computers only, and don't support today's modern web applications or mobile devices.
 
To solve this problem, Adobe and other industry-leading organizations formed the Cloud Signature Consortium (CSC). Now, thanks to Adobe Document Cloud and the newly released open standard API specification developed by CSC, organizations can deliver the highest level of compliance and great customer experiences on any device.

Why are cloud signatures significant?

Standards-based digital signatures in the cloud remove the barriers that have hampered adoption of electronic signatures in Europe and around the world. They: 
  • Bring the highest levels of compliance to web apps and mobile devices.
  • Meet market demand for simple-to-use, simple-to-deploy solutions.
  • Enable compliance with the most rigorous legal and regulatory requirements (e.g., Advanced Electronic Signatures (AES), and Qualified Electronic Signatures (QES) in the EU eIDAS regulation).
  • Eliminate the hassle of installing desktop software, downloading documents, and plugging in USB tokens or smart cards.
  • Provide a consistent, interoperable framework for working with digital IDs and signing solutions, so companies can invest in technology confidently, knowing they won't be limited to working with just a few proprietary applications. 

What are Trust Service Providers (TSPs)?

Trust Service Providers are companies that offer a wide range of secure identity and transactions services, including certificate authority services. For example, the EU eIDAS regulation defines a class of TSPs that are accredited to issue digital IDs in each of the EU member states. Documents signed with these IDs meet the highest level standard called “Qualified Electronic Signature,” which has the same legal value as handwritten signatures and are assured mutual recognition across all member states. Adobe Sign lets you work with your choice of TSPs to sign and timestamp documents, so you can comply with laws or regulations governing your specific country or industry. During the validation process, Adobe also confirms that the authorities being used in the document are trusted providers—approved through global, regional, or industry-specific accreditation. Trust lists, such as the Adobe Approved Trust List (AATL) and the European Union Trusted List (EUTL), are fully supported in Adobe solutions.

What is EUTL?

European Union Trusted Lists (EUTL) is a public list of over 170 active (and 40 legacy) Trust Service Providers (TSPs) that are specifically accredited to provide the highest level of compliance with the EU eIDAS regulation. These providers offer certificate-based digital IDs for individuals, digital seals for businesses, and timestamping services that can be used to create Qualified Electronic Signatures (QES). In eIDAS, only qualified signatures are legally and automatically equivalent to handwritten signatures. And, they are the only type of signature automatically recognized in cross-border transactions among EU member states. Of note: Each EU member state supervises providers in its own country, but once a TSP has been approved in one country, their services can be sold in other countries with the same level of compliance.

What is the difference between digital signatures and electronic signatures?

Electronic signatures, or e-signatures, refer broadly to any electronic process that indicates acceptance of an agreement or a record. The term digital signature is frequently used to refer to one specific type of electronic signature.
  • Typical e-signature solutions use common electronic authentication methods to verify signer identity, such as email, corporate IDs, or a phone PIN. Multifactor authentication is used when increased security is needed. The best e-signature solutions demonstrate proof of signing using a secure process that includes an audit trail along with the final document.
  • Digital signatures use a specific type of electronic signature. They use a certificate-based digital ID to authenticate signer identity and demonstrate proof of signing by binding each signature to the document with encryption — validation is done through trusted certificate authorities (CAs) or Trust Service Providers (TSPs).
Signature types are linked with signature laws and regulatory requirements. Learn how they're used to help create legally-binding electronic signature processes.

Can you provide specific use case examples where digital signatures are used today?

Digital signatures are most commonly associated with higher value, higher risk, or regulated business processes. E.g. 
  • Mortgage specialist at a bank who approves large value loans
  • A bank, which issues digital IDs to all of their customers to enable easy digital signing for all-important transactions that require signatures. 
  • An HR manager responsible in a highly regulated country or industry, responsible for onboarding and off-boarding employees.
  • A doctor signing a document that contains medical information or prescriptions for a patient under his or her care. 
  • A government employee approving a citizen's application for benefits. 
  • A vendor responding to a bid with assertions of quality and safety of products bid.

Why is an open standard required for cloud-based digital signatures?

Digital signatures use Public Key cryptography, which relies on three types of providers to deliver the required technologies and services: solution, technology, and service providers. Solution providers deliver signature platforms and document solutions. Technology providers deliver essential components like authentication technologies, mobile apps, and hardware security modules (HSMs). Service providers act as certificate, registration, or timestamp authorities and assist with compliance validation. Without a standard, providers are required to build their own proprietary interfaces and protocols. Doing so creates a dizzying array of compatibility questions and deployment limitations. A cloud-based digital signature standard ensures that providers across the industry can create consistent, interoperable experiences across the full range of user applications and devices.

What is a Certificate Authority (CA)?

Certificate Authorities are trusted companies or IT-provided services that issue and maintain digital identities. CA’s confirm a signer’s identity in advance, and then issue the certificate-based digital ID, private PIN, and/or hardware security device (such as a USB token or smart card) used to create digital signatures. The CA assures that the person with the digital ID is who they claim to be. 

What is AATL?

The Adobe Approved Trust List (AATL) is an Adobe-sponsored program that enables millions of people around the world to digitally sign documents in Adobe Document Cloud solutions --including Adobe Acrobat Reader, Adobe Acrobat, and Adobe Sign --using the world's most trusted digital IDs and timestamping services. Members of AATL are Trust Service Providers (TSPs) and Certificate Authorities (CAs) that provide certificate-based IDs and timestamping services to consumers and/or enterprises. In turn, those customers are enabled to sign, certify, timestamp, and validate documents using Adobe Document Cloud software solutions. Each of these providers has met strict criteria before being accepted into the program.
Adobe online services are available only to users 13 and older and require agreement to additional terms and the Adobe Privacy Policy. Online services are not available in all countries or languages, may require user registration, and may be discontinued or modified in whole or in part without notice. Additional fees or subscription charges may apply.