FAQ: Digital Signatures and Document Signing

What is a document signing certificate?


A document signing certificate is a type of X.509 certificate, a digital file that binds the identity of a person or organization to a cryptographic key pair consisting of a public and private key. Typically, an applicant generates a key pair and then submits the public key, along with verifiable information about their identity, to a publicly trusted certificate authority (CA) such as SSL.com. Depending on the intended application, the key pair may be generated on the applicant’s computer or within a secure token or hardware security module (HSM). The CA checks the information and, if valid, issues a signed certificate to the applicant. The certificate can then be used to create digital signatures.

What is a digital signature?


A digital signature is a fixed-length, one-way hash of a document’s contents, along with metadata such as the hashing algorithm used, that has been encrypted with the signer’s private key. A recipient can use the corresponding public key (included in the signer’s CA-issued document signing certificate) to decrypt the signed hash, then re-compute the hash from the received document and compare the two. A match verifies that the document has not been altered since it was signed and that the signer is in possession of the private key associated with their certificate. Because of these guarantees of integrity and authenticity, it is difficult for an authentic signatory to deny that they signed a document. This quality of digital signatures is known as non-repudiation.
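The hash, sign and verify steps described above, as an added example (not SSL.com's code) using RSASSA-PKCS1-v1_5 with SHA-256, a scheme the page does not name and that is assumed here. The key is a constructed toy built from two Mersenne primes so the block runs on the Python standard library alone; real document signing keys are generated in a token or HSM and used through a vetted cryptographic library.

```python
import hashlib

# Constructed demo key: two Mersenne primes, trivially factorable.
# Assumption for illustration only; never use a key like this for real signing.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: modulus and exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of a DigestInfo naming SHA-256 (RFC 8017, section 9.2).
# This is the hash-algorithm metadata that travels inside the signature.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode(document: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo(SHA-256, hash)."""
    t = SHA256_PREFIX + hashlib.sha256(document).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(document: bytes) -> bytes:
    """Signer: apply the private key to the encoded hash."""
    m = int.from_bytes(encode(document), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify(document: bytes, signature: bytes) -> bool:
    """Recipient: reverse the private-key step with the public key, then
    compare with an encoding recomputed from the received document."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Compare whole encoded blocks rather than parsing the recovered one:
    # lenient padding parsers have allowed forged signatures in the past.
    return recovered == encode(document)


if __name__ == "__main__":
    doc = b"Pay 100 USD to Alice"      # constructed sample document
    sig = sign(doc)
    print("original verifies:", verify(doc, sig))
    print("altered verifies: ", verify(b"Pay 900 USD to Alice", sig))
```

The signature proves only that the holder of the private key signed these bytes; tying that key to a person or organization is the job of the CA-issued certificate.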

Is a digital signature the same as an electronic signature or e-signature?


No. An electronic signature (or e-signature) is very broadly defined by the U.S. Electronic Signatures in Global and National Commerce (ESIGN) act as “an electronic sound, symbol, or process, attached to, or logically associated with a contract or other record generated, sent, communicated, received, or stored by electronic means.” In contrast, a digital signature requires a CA-issued digital certificate and provides assurance of the identity of the signatory and the integrity of the signed document.

Are digital signatures legal and enforceable?


Yes. In the United States, the Electronic Signatures in Global and National Commerce (ESIGN) act gives electronic signatures (including digital signatures) the same legal status as handwritten signatures. The European Union’s Electronic Identification and Trust Services Regulation (eIDAS) recognizes all electronic signatures, but gives greater weight to PKI-based digital signatures. Many other nations also recognize the legality of digital signatures.

What can I sign with a document signing certificate?


Many types of common electronic documents can be digitally signed, including Microsoft Office files (Word documents, Excel spreadsheets, and PowerPoint presentations) and Adobe PDF. However, not all document signing certificates are created equal. Microsoft’s trust store is not the same as Adobe’s, and Adobe’s requirements for document signing certificates are more stringent. When you buy a document signing certificate from a CA, it’s important to make sure that it can be used to create trusted signatures for the types of documents you need to sign.

What is the Adobe Approved Trust List (AATL)?


The Adobe Approved Trust List (AATL) consists of certificate authorities (CAs) that meet Adobe’s standards for issuing document signing certificates for use with Adobe Acrobat, Acrobat Reader, and other Adobe products. SSL.com is a member of the AATL program and is trusted by all Adobe products for digital signatures.

Why are SSL.com’s PDF document signing certificates shipped on secure hardware tokens?


Adobe’s technical requirements for digital signatures mandate that private document signing keys be generated and stored on a secure device with two-factor authentication, such as a USB token or hardware security module (HSM). For this reason, SSL.com ships its document signing certificates on YubiKey FIPS 140-2 validated security keys. These added layers of security keep your key safe and your digital identity secure.

For enterprise customers, SSL.com can host document signing keys on an HSM for volume signing operations. If requested, we can also ship document signing certificates on Gemalto tokens.

