What’s a digital signature?

What’s a digital signature?

A digital signature is a specific type of e-signature that complies with the strict legal regulations — and provides the highest level of assurance of a signer’s identity.

A digital signature is a specific type of e-signature that complies with the strict legal regulations — and provides the highest level of assurance of a signer’s identity.

What are the benefits of digital signatures?

Trusted and compliant.

Trusted and compliant.

 

Certificate-based digital IDs come from accredited providers to meet compliance. Identity must be proven before obtaining.

Protected.

Protected.

 

Your digital signature and the PDF document are cryptographically bound and secured with a tamper-evident seal.

Unique to you.

Unique to you.

 

Use a unique digital certificate and PIN to easily validate your credentials and identity.

Easy to validate.

Easy to validate.

 

The signed document and your digital signature can both be revalidated for more than 10 years. 

What makes digital signatures so secure?

 

With a digital signature, every signer is issued a certificate-based digital ID by a trusted certificate authority (CA), while signing is backed by public key infrastructure (PKI) technology. This makes digital signatures ideal for transactions that need more advanced authentication.

What’s the difference between digital signatures and electronic signatures?

 


To put it simply, electronic signature (or e-signature) is a broad term referring to any electronic process that indicates acceptance of an agreement or a record. A digital signature is one specific type of e-signature.

 

Typical e-signature solutions use common electronic authentication methods to verify signer identity, such as an email address, a corporate ID or a phone PIN. If increased security is needed, multifactor authentication may be used. The best e-signature solutions demonstrate proof of signing using a secure process that includes an audit trail along with the final document. 

 

Digital signatures use certificate-based digital IDs to authenticate signer identity and demonstrate proof of signing by binding each signature to the document with encryption. Validation occurs through trusted certificate authorities (CAs) or trust service providers (TSPs).

Try Adobe Sign — the simple e-signature solution built for business growth.

See how easy it is for you, your customers and co-workers to send and sign documents electronically from any device or browser or within just about any popular application. With Adobe Sign, you can get important documents signed and delivered in minutes, not days.

Adobe Sign: Setting the global standard for compliance. 

Supports the broadest range of legal requirements.

Adobe Sign keeps you compliant, no matter your industry or where you do business. Our digital signature processes are US FDA 21 CFR Part 11 compliant and support rigorous requirements set forth under the EU’s eIDAS Regulation such as advanced electronic signatures (AdES) and qualified electronic signatures (QES). Plus, they provide comprehensive support for working with accredited certificate authorities (CAs) and qualified signature creation devices (QSCDs).

Supports the broadest range of legal requirements.

Adobe Sign keeps you compliant, no matter your industry or where you do business. Our digital signature processes are US FDA 21 CFR Part 11 compliant and support rigorous requirements set forth under the EU’s eIDAS Regulation such as advanced electronic signatures (AdES) and qualified electronic signatures (QES). Plus, they provide comprehensive support for working with accredited certificate authorities (CAs) and qualified signature creation devices (QSCDs).

Guidance for Industry.

Provides freedom to choose from hundreds of CAs.

Adobe’s standards-based approach gives you the freedom to choose from hundreds of trusted certificate authorities, so you can comply with the laws and regulations that govern your country or industry. With Adobe Sign, documents can be digitally signed, timestamped and validated using EU Trusted Lists (EUTLs) or the global Adobe Approved Trust List (AATL).

Provides freedom to choose from hundreds of CAs.

Adobe’s standards-based approach gives you the freedom to choose from hundreds of trusted certificate authorities, so you can comply with the laws and regulations that govern your country or industry. With Adobe Sign, documents can be digitally signed, timestamped and validated using EU Trusted Lists (EUTLs) or the global Adobe Approved Trust List (AATL).

Approved Trust List.

Assures compliance and flexibility in a single solution.

Need multifactor authentication for e-signatures? What about more rigorous certificate-based authentication for digital signatures? Adobe Sign has you covered. You can always get the security and authentication you need — and even combine e-signatures and digital signatures in the same workflow. One solution, maximum flexibility.

Assures compliance and flexibility in a single solution.

Need multifactor authentication for e-signatures? What about more rigorous certificate-based authentication for digital signatures? Adobe Sign has you covered. You can always get the security and authentication you need — and even combine e-signatures and digital signatures in the same workflow. One solution, maximum flexibility.

Assures compliance and flexibility.

The world’s first open, global, cloud-based digital signatures.

 

Our standards-based approach gives you everything you need to do business confidently — at home or abroad. With 6 billion signature transactions a year, we’re the world leader in secure digital documents. We drove the first open standards for digital signatures and now we’re setting global standards again for digital signing using mobile devices and the web with the Cloud Signature Consortium. Solutions are easy to use, easy to deploy and internationally compliant. That’s the Adobe difference.

Our standards-based approach gives you everything you need to do business confidently — at home or abroad. With 6 billion signature transactions a year, we’re the world leader in secure digital documents. We drove the first open standards for digital signatures and now we’re setting global standards again for digital signing using mobile devices and the web with the Cloud Signature Consortium. Solutions are easy to use, easy to deploy and internationally compliant. That’s the Adobe difference.

Adobe Sign digital signature FAQs


Documents signed digitally in Adobe Sign provide evidence of each participant’s signature within the document itself. During the signing process, the signer’s certificate is cryptographically bound to the document using the private key uniquely held by that signer. During the validation process, the reciprocal public key is extracted from the signature and used to both authenticate the signer’s identity through the CA and help ensure no changes were made to the document since it was signed. Audit trails provide additional valuable information, such as the signer’s IP address or geolocation.

Signer authentication is a compliance essential. But different countries and regions hold signatures to different standards. Adobe Sign digital signatures meet the highest level US FDA 21 CFR Part 11 requirements. As the first global vendor to support European Union Trusted Lists (EUTLs), we’ve made it possible for organisations everywhere to comply with the EU’s Electronic Identification and Trust Services Regulation (eIDAS). That’s what makes us the global digital signature leader

   

Learn more:

Adobe Sign and compliance

Global Guide to Electronic Signature Law

Adobe Sign and 21 CFR Part 11 compliance in biopharma

Yes. Adobe takes the security of your digital experiences very seriously. In addition to the high assurance methods described above, Adobe Sign is certified compliant with the world’s most rigorous security standards, such as ISO 27001, SOC 2 Type 2 and PCI DSS used in the payment card industry. It complies with a wide range of privacy regulations, including HIPAA, GLBA and FERPA in the US  

 

Adobe Sign also employs Adobe Secure Product Lifecycle (SPLC) practices, a demanding set of over 1,000 specific security activities spanning software development practices, processes and tools and integrated into multiple stages of the product lifecycle. Whether related to identity management, data confidentiality or document integrity, Adobe Sign protects your documents, data and personal information. To learn more, visit the Adobe Trust Centre.

With over 7 billion mobile devices on the planet, cloud applications gaining broad adoption and cyber threats at an all-time high, there is increasing market demand for secure digital solutions that also provide great user experiences. New electronic signature regulations — like eIDAS— are putting a spotlight on the need for high-assurance methods of authenticating the identity of people signing documents. The highest levels of compliance require certificate-based IDs stored on USB tokens or smart cards, but they’re complicated to enable and install, work with desktop computers only and don’t support today’s modern web applications or mobile devices.

 

To solve this problem, Adobe and other industry-leading organisations formed the Cloud Signature Consortium (CSC). Now, thanks to Adobe Document Cloud and the newly released open-standard API specification developed by CSC, organisations can deliver the highest level of compliance and great customer experiences on any device. If you’re a member of the Adobe Approved Trust List (AATL) or your certificates are qualified on the European Union Trusted Lists (EUTLs), you can apply to become a cloud signature partner.

Standards-based digital signatures in the cloud remove the barriers that have hampered adoption of electronic signatures in Europe and around the world. They accomplish the following:
 

  • Bring the highest levels of compliance to web apps and mobile devices
  • Meet market demand for simple-to-use, simple-to-deploy solutions
  • Enable compliance with the most rigorous legal and regulatory requirements, such as advanced electronic signatures (AdES) and qualified electronic signatures (QES) set forth in eIDAS
  • Eliminate the hassle of installing desktop software, downloading documents and plugging in USB tokens or smart cards
  • Provide a consistent, interoperable framework for working with digital IDs and signing solutions, so companies can invest in technology confidently, knowing they won’t be limited to working with just a few proprietary applications

Trust service providers are companies that offer a wide range of secure identity and transactions services, including certificate authority services. For example, the EU eIDAS Regulation defines a class of TSPs that are accredited to issue digital IDs in each of the EU member states. Documents signed with these IDs meet the highest level standard called qualified electronic signature (QES), which has the same legal value as a handwritten signature and ensures mutual recognition across all member states. Adobe Sign lets you work with your choice of TSPs to sign and timestamp documents, so you can comply with laws or regulations governing your specific country or industry. During the validation process, Adobe also confirms that the authorities being used in the document are trusted providers — approved through global, regional or industry-specific accreditation. Trust lists, such as the Adobe Approved Trust List (AATL) and the European Union Trusted Lists (EUTLs) are fully supported in Adobe solutions.

Certificate authorities issue and maintain digital identities. CAs confirm a signer’s identity in advance and then issue the certificate-based digital ID, private PIN and/or hardware security device (such as a USB token or smart card) used to create the digital signature. Using a CA provides assurance that the person with the digital ID is who they claim to be. A CA is sometimes a part of a portfolio of trust services offered by a commercial vendor. At other times, a CA is built and maintained internally by IT-provided services in a company or government organisation.

The Adobe Approved Trust List (AATL) is Adobe’s program enabling millions of people around the world to digitally sign documents in Adobe Document Cloud solutions — including Adobe Acrobat Reader, Adobe Acrobat and Adobe Sign — using the world’s most trusted digital IDs and timestamping services. Members of AATL are TSPs and CAs that provide certificate-based IDs and timestamping services to consumers and/or enterprises. In turn, those customers are enabled to sign, certify, timestamp and validate documents using Adobe Document Cloud software solutions. Each of these providers has met strict criteria before being accepted into the programme.

EUTLs are a public listing of over 170 active (and 40 legacy) TSPs, including Adobe, that are specifically accredited to provide the highest level of compliance with the eIDAS. These providers offer certificate-based digital IDs for individuals, digital seals for businesses and timestamping services that can be used to create qualified electronic signatures (QES). In eIDAS, only qualified signatures are legally and automatically equivalent to handwritten signatures. And, they are the only type of signature automatically recognised in cross-border transactions among EU member states. Of note: Each EU member state supervises providers in its own country, but once a TSP has been approved in one country, its services can be sold in other countries with the same level of compliance.

Digital signatures use public key cryptography, which relies on three types of providers to deliver the required technologies and services: solution, technology and service providers. Solution providers deliver signature platforms and document solutions. Technology providers deliver essential components like authentication technologies, mobile apps and hardware security modules (HSMs). Service providers act as certificate, registration or timestamp authorities and assist with compliance validation. Without a standard, providers are required to build their own proprietary interfaces and protocols. Doing so creates a dizzying array of compatibility questions and deployment limitations. A cloud-based digital signature standard ensures that providers across the industry can create consistent, interoperable experiences across the full range of user applications and devices.

Timestamps accurately record the time of a signing event. When used in combination with digital signature technology and in compliance with strict legal and regulatory guidelines, they provide strong legal evidence that a transaction took place at a specific point in time. They can also be configured to enable long-term validation (LTV) for up to 10 years to meet extended document retention requirements. Adobe Sign gives you an option to configure your signature solution with a built-in Adobe timestamp service with LTV that complies with rigorous regulations such as the EU eIDAS qualified requirements. Your solution can also be configured to work with other third-party timestamp services by request. Learn more about Adobe Trust Services.