Secure your documents with Digital Signatures Part 1

Applying a signature

The webPDF portal allows you to apply digital signatures to PDF documents. The Digital Signature service, based on the Signature web service, enables documents to be digitally signed and certified. This allows internal and external communication processes to be handled electronically in a structured and traceable way.

What is a digital signature?

Many documents are now sent digitally, including application documents, payment orders, applications to authorities, invoices, tax returns and contracts. A qualified digital signature replaces the handwritten signature on such documents, and it should then be technically possible to check the trustworthiness, origin and integrity of the document.

What forms of digital signatures are there?

  • Digital signature: A digital signature protects a message or document by means of cryptographic procedures, for example by combining a checksum with a key. It serves as an electronic signature for a message or document and helps verify authenticity and origin. Trustworthiness can be checked electronically. In addition, the signature should be combined with a reliable timestamp, because a system clock can be manipulated.

  • Digitized handwritten signature: This is something completely different from a digital signature. It is usually an image or scan of a signature, seal or stamp. Such a signature can theoretically be changed afterward and is therefore generally not considered sufficiently secure for legally sensitive documents. Documents with high legal relevance should use a qualified electronic signature.

How does the encryption technology of the digital signature work?

Digital signatures are based on the principles of cryptography, in particular asymmetric cryptographic methods. Cryptography is the science of encrypting information.

If a document is to be protected with a digital signature, a key pair is used. It consists of a private key, which the signer keeps secret and uses to create the signature, and a public key, which recipients use to verify it. The two keys only work as a pair. The public key must be clearly assigned to a person or organization by means of an electronic certificate. This is done via trusted providers, allowing the identity of the signer to be verified. The digital certificates required for this must therefore be issued by trustworthy organizations such as a certificate authority.
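The sign-and-verify flow described above, as an added example that is not code from webPDF or from the original article. The key pair is a toy (textbook RSA without padding, built from publicly known Mersenne primes) and the sample documents are constructed; the function names are assumptions made for this illustration.

```python
import hashlib

# Toy key pair for illustration only (assumption, not a real deployment):
# textbook RSA without padding, built from two publicly known Mersenne primes.
# Real signatures use randomly generated keys and a padding scheme such as
# RSASSA-PSS from a vetted library, with the public key bound to the signer
# by a certificate from a certificate authority.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (Python 3.8+)

PUBLIC_KEY = (N, E)    # handed to anyone who needs to verify
PRIVATE_KEY = (N, D)   # kept secret by the signer


def checksum(document: bytes) -> int:
    """SHA-256 digest of the document, as an integer (the 'checksum')."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, private_key) -> int:
    """Combine the checksum with the private key to produce the signature."""
    n, d = private_key
    return pow(checksum(document), d, n)


def verify(document: bytes, signature: int, public_key) -> bool:
    """Recover the signed checksum with the public key and compare it with
    a freshly computed checksum of the document that was received."""
    n, e = public_key
    return pow(signature, e, n) == checksum(document)


if __name__ == "__main__":
    # Constructed sample documents.
    original = b"Invoice 2024-001: pay 100 EUR to ACME"
    tampered = b"Invoice 2024-001: pay 900 EUR to ACME"
    sig = sign(original, PRIVATE_KEY)
    print("original verifies:", verify(original, sig, PUBLIC_KEY))
    print("tampered verifies:", verify(tampered, sig, PUBLIC_KEY))
```

Changing a single character of the document changes its checksum, so the unchanged signature no longer verifies. A pasted image of a handwritten signature offers no such binding to the content.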

Note: In the related articles Part 2 and Part 3, the functionality is explained in more detail, including how the encryption technology works and how a digital signature can be applied with the webPDF portal.

Is a document with a digital signature legally binding?

There are three signature levels with different security requirements: simple, advanced and qualified digital signatures. Since 01 July 2016, the eIDAS Regulation (electronic IDentification, Authentication and trust Services) has been in force. In principle, electronically signed documents may not be denied legal effect solely because they are in electronic form.

However, only a qualified electronic signature (QES) automatically has the same legal effect as a handwritten signature in the relevant cases. According to the eIDAS Regulation, a QES is the most secure form of signature, but also the most demanding to implement. The relevance of the document and the user experience therefore always need to be weighed on a case-by-case basis.

Applying qualified electronic signatures is only possible if the necessary requirements are met. As a rule, this includes a signature card, a card reader and suitable software. Since the eIDAS Regulation, German companies can also use fully cloud-based solutions.

Comparison of signature types

| Type | Characteristics | Typical areas of use | Legal assessment |
|---|---|---|---|
| Simple | Image or scan of a signature, seal or stamp | Internal documents, low-risk transactions | Lowest security level, can be changed afterward |
| Advanced | Cryptographically secured, linked to a person, tampering must be detectable | B2B contracts and processes with moderate protection requirements | Higher protection, but not always sufficient for the highest legal requirements |
| Qualified | Advanced signature with a qualified certificate and secure signature creation | Notarial and official procedures, regulated workflows, legally critical documents | Highest security and legal level |

  • Data protection standards of the European Telecommunications Standards Institute (ETSI)

  • PAdES standard (PDF Advanced Electronic Signature)

  • CAdES format (CMS Advanced Electronic Signatures)

  • German Signature Act (SigG) or eIDAS (electronic IDentification, Authentication and trust Services). Further information about eIDAS and electronic trust services is available from the Federal Network Agency (Bundesnetzagentur).