What is the Difference Between Electronic and Digital Signatures?


Electronic signature (or e-signature) and digital signature are very similar terms, resulting in some confusion between them. Both indicate that a kind of legally-recognized signing operation has taken place with an electronic document. However, the accepted definition of “electronic signature” is much broader than that of “digital signature,” and there are important differences between them.

We’ll discuss these distinctions below, but the TL;DR takeaway is that certificate-based digital signatures (such as those made with SSL.com’s Business Identity certificates) offer guarantees of authenticity, integrity, and non-repudiation that are not offered by simple electronic signatures.

Note: The European Union’s eIDAS regulation, discussed below, uses different language to distinguish between types of electronic signatures, and attaches more explicit legal meanings to different types of signatures than U.S. law does.

What is an Electronic Signature?


The U.S. Electronic Signatures in Global and National Commerce (ESIGN) Act (2000) defines an “electronic signature” as

an electronic sound, symbol, or process, attached to, or logically associated with a contract or other record generated, sent, communicated, received, or stored by electronic means.

In practice, an electronic signature is often simply an image of a handwritten signature (most commonly made with your finger or stylus on a touchpad or screen). Electronic signing solutions may also include single- or multi-factor electronic authentication methods (e.g. PIN, password, email authentication, etc.).

Without more specific information about the processes and technologies used, the term “electronic signature” does not imply any guarantee of third-party validation of a document’s signatory, or of the integrity of a document’s content since it was signed. This can lead to some bad practices – for example, the owner of a company I used to work for just had a scan of their signature that could be pasted into contracts. That’s technically an “electronic signature” according to U.S. law, but we can easily do better than that!

What is a Digital Signature?


Unlike a simple electronic signature, a digital signature uses a PKI-based digital certificate issued by a certificate authority (CA) that binds an identity (such as a person or company) to a cryptographic key pair. When a document is digitally signed with the signatory’s private key, the document’s exact content and the identity of the signatory are bound together to form a unique digital fingerprint, ensuring:

  • Authentication. The identity of a document’s signatory has been validated by a publicly-trusted CA.
  • Integrity. The content of a document has not been altered since it was signed.
  • Non-repudiation. A signatory cannot plausibly deny that they signed a document.
Note that in Adobe Acrobat, a special type of digital signature known as a certification signature may optionally allow limited modifications to a signed document, such as the addition of approval signatures from other parties.

U.S. Federal law, as defined in the ESIGN act, is broadly permissive regarding the enforceability of both electronic and digital signatures. However, simple electronic signatures do not provide the guarantees of authenticity, integrity, and non-repudiation offered by certificate-based digital signatures. Furthermore, the laws of many countries (including, as noted below, the member states of the EU as well as China, India, and South Korea) distinguish between certificate-based digital signatures and simple electronic signatures.

SSL.com’s Business Identity certificates offer trusted digital signatures for Adobe PDF and Microsoft Office documents, plus S/MIME email and client authentication, in a convenient, secure YubiKey FIPS USB token.

Electronic and Digital Signatures in the European Union (eIDAS)


The European Union’s Electronic Identification and Trust Services (eIDAS) Regulation (effective in 2016) recognizes three distinct types of electronic signatures, as well as electronic seals intended for use by legal entities such as corporations and other organizations:

  • Electronic Signatures. eIDAS defines an “electronic signature” as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.” Like ESIGN, eIDAS also states that a signature cannot be denied legal admissibility solely because it is in electronic form.
  • Advanced Electronic Signatures must be uniquely linked to and identifying of the signatory, must be created using signature data that the signatory can use under their sole control, and any signed data must be tamper-evident. These conditions may be satisfied with a CA-issued digital certificate, such as SSL.com’s Business Identity certificates.
  • Qualified Electronic Signatures have the same legal standing as handwritten signatures. A qualified electronic signature requires a certificate-based digital ID issued by a qualified EU Trust Service Provider (TSP) and must be made with a “qualified electronic signature creation device” such as a USB token.
  • Electronic Seals are similar to electronic signatures, but are typically associated with legal entities rather than natural persons. eIDAS distinguishes between electronic, advanced, and qualified seals according to the same criteria used for signatures.

As defined by eIDAS, qualified electronic signatures and certificate-based advanced electronic signatures would both also be considered types of digital signatures, as that term is usually used in the US.

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page.