What Is a Digital Signature and How Does It Work?

A digital signature helps businesses keep important and sensitive documents secure. This guide will help you understand what a digital signature is and how you can start using them.

Updated July 30, 2020

Businesses face a lot of threats online. Malicious cyber activity cost the economy between $57 billion and $109 billion in 2016 alone, according to a White House report. For the victim company, the average adverse cyber event costs more than $7,000.

Digital signatures have emerged as one way to protect sensitive business documents. These signatures make sure that any sensitive information you share online will be seen only by the intended recipients.

These digital signatures go a lot further than an electronic signature (and they are quite different from a wet signature). Here are some of the benefits of digital signatures and how to make them a bigger part of your business.

Overview: What is a digital signature?

A digital signature is a way to "seal" a document sent digitally and proves to the recipient that it hasn't been altered and is officially approved by you. These virtual fingerprints are unique to the sender and are not merely your handwriting like a typical signature. In fact, it may not feature your handwriting at all.

It is an encrypted stamp that can only be decrypted by the recipient, ensuring it is not intercepted and modified in transit. If the recipient gets the transmission and the digital signature does not match up with the digital certificate, then the document has been compromised.

A digital signature’s encryption is primarily what separates it from electronic signatures.

How does a digital signature work?

Digital signatures create a "hash" of the message. A hash is a string of numbers and letters that are pulled from the message, file, or document based on a mathematical algorithm.

The hash is unique to the file, and any changes after the hash is created would change the hash. The sender signs the message or file digitally and then sends it to the recipient, who also generates a hash and then decrypts the sender's hash using the public key provided by the sender.

The hashes are compared, and if they match, the message is considered authentic.

Before creating your own digital signature, learn a few key terms as described by the Cybersecurity and Infrastructure Security Agency (CISA):

  • Hash function: As noted above, the hash function is the unique fixed-length string of numbers and letters created by an algorithm that prevents it from being altered without detection.
  • Public key infrastructure (PKI): A PKI is all of the policies, people, and systems that are involved in validating the identity of a digital signature certificate.
  • Pretty Good Privacy (PGP)/OpenPGP: Instead of using a PKI, users can go with a PGP/OpenPGP indicating they are allowing other users to sign certificates instead using interconnected signatures to verify a user on the internet. It is also referred to as the "Web of Trust."
  • Certificate authority (CA): A CA is a third party that validates the identity of the sender and creates a public/private key pair for them. The CA is the entity that digitally signs the digital certificate once the identity of the sender is verified.
  • Digital certificates: The digital certificates contain the public key and are signed by the CA.

So, why would you want a digital signature? After all, you know the company or individual in question. Is it really necessary? Here are a few reasons why a digital signature is a must if you are dealing with any legal or business documents online.

  • It's faster: Paper documents are a hassle. You have to print them out, sign them, and then mail, fax, or scan them. Digital signatures take just a few seconds to complete and don't require any extra trips or steps.
  • It's convenient: You can digitally sign documents no matter where you are and no matter what time of day. If you're out sailing and get an urgent request to sign a document, you can sign it right there as long as your phone has a few bars.
  • It's more accurate: Digital forms often use fields that check to make sure that what is entered is correct. For example, it wouldn't let you enter letters into a field that requires numbers, or it limits you to 10 digits when you enter a phone number. Paper documents have no such restrictions, and therefore mistakes are more common.
  • It's more secure: Security breaches are one of the top threats to businesses. Digital signatures prevent the compromise of sensitive business and legal documents. In addition to being the best way to secure electronic documents, they also provide a level of security you can't get with paper documentation.
  • It’s in accordance with document management best practices: By creating a digital signature protocol, you put everyone on the same page as far as proper usage of documents, which in turn creates more consistency when it comes to documentation.

How to create a digital signature

In order to use this process, you must digitally sign files with specialized software. These software solutions use hashes, public keys, encryption, and certificates that would be difficult for most people to create themselves. However, you can create your own digital certificates through services such as Sectigo.

Sometimes when people use the term “digital signature,” what they really mean is an electronic signature, which is when you use software to “sign” a document online.

Several software options create electronic signatures or digital signatures — and sometimes both. These step-by-step instructions will help you navigate each of them.

Creating a digital signature with Adobe

Adobe uses Adobe Sign to digitally sign PDF documents.

  1. Click on "Sign > Work with Certificates" to open a panel allowing you to apply certificate-based signatures.
  2. Choose either "Certify" or "Sign With Certificate." The former is for those who want a high level of control of the document since you must certify the documents before others can sign.
  3. If you don't have a certificate, click on the "Edit" menu and choose "Preferences > Signatures." Click "More" and then "Identities & Trusted Certificates." Select Digital IDs on the left and click Add ID. The software will take you through the process.

Creating a digital signature with DocuSign

DocuSign is a popular free digital signature option, and the process is straightforward for signers.

  1. Click the link when you receive the document, which will open it in DocuSign.
  2. Review the agreement and sign or initial in the indicated areas by clicking the tags.
  3. Verify your identity and approve the signature.

Creating a digital signature with Microsoft Office

You can digitally sign both documents and spreadsheets in Microsoft Office.

  1. Click on an area in a document or spreadsheet where you want to create a signature line.
  2. Click on "Insert," open "Text," then "Signature Line," and then "Microsoft Office Signature Line."
  3. Fill out the Signature Setup dialog box, including the signer's name, title, and email address. Provide instructions to the signer if you want.
  4. Choose whether you want to allow the signer to add comments in the Sign dialog box and whether you want to show the sign date in the signature line.

Creating a digital signature with HelloSign

HelloSign is a free electronic signature service that allows you to create simple signatures for either yourself or others. It does not create digital signatures.

  1. Create an account.
  2. Upload a document.
  3. Choose who should sign the document.
  4. Drag and drop signature fields into the document.
  5. Sign the document and send it out for others to sign, if applicable.

Try out some software to start using digital signatures

If you’d like to create your digital signature processes, check out some electronic signature software options. This software can help with other tasks, such as business document management or creating an electronic filing system.

Keep in mind the difference between electronic and digital signatures. The former is attached to a contract or other record to show that the person agreed to what is described in the document, while the latter guarantees the document is authentic and has not been tampered with or accessed by unauthorized parties.

Look for software that specifically creates digital signatures and not merely electronic ones.

LOTS TO CONSIDER, LET US HELP

Get The Blueprint’s latest recommendations by signing up to our free newsletter.

Email

The Motley Fool has a Disclosure Policy. The Author and/or The Motley Fool may have an interest in companies mentioned. Click here for more information.