Digital signature: definition, how it works and difference with electronic signature
Many confuse "digital signature" and "electronic signature". The two terms do not designate the same thing. Here''s a clear explanation, without jargon, to understand the difference and choose the right solution.
In brief
Digital signature is a precise cryptographic mechanism (private key + certificate + document fingerprint) that proves the signer''s identity and document integrity. Electronic signature is a broader, legal term that designates any device allowing you to sign a document in a dematerialized way — digital signature is an advanced form of it. In practice, when a site like Certyneo talks about "electronic signature", it''s almost always a digital signature in the technical sense.
What is a digital signature?
A digital signature is cryptographic data attached to an electronic document. It is created from the document''s fingerprint (hash) and a private key belonging to the signer. Anyone with the corresponding public key can then verify two things: that the document has not been modified after signing, and that the signature was indeed affixed by the holder of the private key. Digital signature is used in the majority of electronic signature solutions compliant with the eIDAS regulation.
Digital signature vs electronic signature
The two terms are often used interchangeably, but they do not designate exactly the same thing.
| Criterion | Digital signature | Electronic signature |
|---|---|---|
| Nature | Technical mechanism (cryptography) | Legal concept (eIDAS) |
| Scope | Restricted: one precise method | Broad: any dematerialized signature device |
| Guarantees | Identity + integrity mathematically proven | Variable depending on the level (SES, AES, QES) |
| Example | PAdES signature of a PDF with an X.509 certificate | "I accept" checkbox, mouse signature, digital signature with certificate |
| Legal value | Strong (equivalent to handwritten signature at AES/QES level) | Variable depending on the level chosen |
How does a digital signature work?
The process in 4 steps — simplified.
- 1
Calculate the document fingerprint
The document is passed through a hash function (SHA-256). The result is a unique fingerprint of a few bytes that changes radically if a single character in the document is modified.
- 2
Encrypt the fingerprint with the private key
The fingerprint is encrypted with the signer''s private key, stored on a secure medium (HSM, smart card, or eIDAS-compliant server for remote signing).
- 3
Affixing the signature and certificate
The encrypted fingerprint is attached to the document, accompanied by the signer''s digital certificate (which contains their public key and identity verified by a certification authority).
- 4
Verification by the recipient
The recipient uses the certificate''s public key to decrypt the signed fingerprint, then compares it to the recalculated fingerprint of the document. If the two match, the document is authentic and has not been modified.
When is digital signature used?
- Signing an employment contract remotely
- Validation of a compliant electronic invoice
- Signing a dematerialized notarial act
- Authentication of banking documents
- Signing a commercial contract remotely
- Validation of a quote or purchase order
- Signing a lease or real estate contract
- Medical documents and patient consents
Want to digitally sign your documents?
Certyneo offers eIDAS-compliant electronic signature (using digital signature under the hood) — free up to 5 envelopes per month, without credit card.
Frequently asked questions
Digital signature and electronic signature, are they the same thing?
No, but they are closely linked. Electronic signature is the legal concept defined by the eIDAS regulation — it designates any dematerialized signature device. Digital signature is the cryptographic technology that makes most compliant electronic signatures possible (notably AES and QES levels).
Does digital signature have legal value?
Yes, when it is used within an advanced (AES) or qualified (QES) electronic signature under eIDAS, its legal value is equivalent to that of a handwritten signature. The simple level (SES) — often a checkbox — does not have the same evidentiary force.
How to verify the authenticity of a digital signature?
Most PDF readers (Adobe Acrobat Reader, Foxit) display a signature status when a signed document is opened. You can also use the validation service of the National Agency for Information Systems Security (ANSSI) for European qualified signatures.
Do you need special software to create a digital signature?
No, not for the signer. A platform like Certyneo handles the technical part: certificate generation, fingerprint calculation, cryptographic signature, timestamping. The signer only has to click the "Sign" button in their browser.