An e-signature is a digital version of a traditional signature that is used to sign digital documents. It is a way of verifying that the person signing the document is who they say they are and that the document has not been tampered with.
There are three different types of e-signatures: the Simple, the Advanced and the Qualified signature. E-signature solutions like ValidSign are using the two later ones, as they provide higher levels of security.
Let’s explain further the differences between the three:
The Simple signature
The simple signature is an e-signature attached to electronic data, such as a document or an e-mail. Think of a scanned ordinary signature. The simple electronic signature normally does not meet the safety requirement, as this type of signature is easy to manipulate.
The Advanced signature
The advanced electronic signature meets the requirements set out in Article 26 of the eIDAS regulation for e-signatures.
These requirements are:
- Is uniquely linked to the signatory;
- Enables identification of the signatory;
- Is created using electronic signature creation data that the signatory, with a high level of trust, can use under his sole control and;
- Linked to the electronic file to which it relates in such a way that any modification of the data can be detected. The advanced electronic signature can be applied to most documents in a low-threshold manner. Both sender and recipient can sign electronically, so the entire signing process is securely handled digitally.
Advanced electronic signatures, are like handwritten signatures, unique to each signer. ValidSign follows a specific protocol called PKI. When a person signs a document with this technology, the signature is created using the signers key, which is being kept securely by the signer in the system. The mathematical algorithm acts like a cipher, creating data matching the signed document, called a hash, and then encrypting that data. If any changes are made to the document, the hash will change, alerting you to the fact that the document has been altered with.
The resulting encrypted data is the digital signature.
The Qualified signature
A qualified electronic signature is a signature with a qualified certificate. This certificate can be added digitally to the document using a signature solution such as ValidSign. The certificates are issued by so-called certificate service providers. The certificate that most accounting firms are familiar with is the PKI government certificate (professional certificate showing that the AA/RA Accountant is registered with the NBA). In some cases, such as filing of financial statements (SBR Assurance), a qualified certificate must be used when signing.