Digital signature: definition, how it works and difference with electronic signature
Many confuse "digital signature" and "electronic signature". The two terms do not designate the same thing. Here is a clear explanation, without jargon, to understand the difference and choose the right solution.
In brief
Digital signature is a precise cryptographic mechanism (private key + certificate + document fingerprint) that proves the signatory''s identity and document integrity. Electronic signature is a broader, legal term that designates any device enabling dematerialized document signing — digital signature is an advanced form of it. In practice, when a site like Certyneo talks about "electronic signature", it''s almost always a digital signature in the technical sense.
What is a digital signature?
A digital signature is cryptographic data attached to an electronic document. It is created from the document''s fingerprint (hash) and a private key belonging to the signatory. Anyone with the corresponding public key can then verify two things: that the document was not modified after signature, and that the signature was indeed affixed by the holder of the private key. Digital signature is used in most electronic signature solutions compliant with the eIDAS regulation.
Digital signature vs electronic signature
The two terms are often used interchangeably, but they do not designate exactly the same thing.
| Criterion | Digital signature | Electronic signature |
|---|---|---|
| Nature of the product | Technical mechanism (cryptography) | Legal concept (eIDAS) |
| Scope | Restricted: a specific method | Broad: any digital signature device |
| Guarantees | Identity + integrity proven mathematically | Variable depending on the level (SES, AES, QES) |
| Example | PAdES signature of a PDF with an X.509 certificate | "I accept" checkbox, mouse signature, digital signature with certificate |
| Legal value | Strong (equivalent to handwritten signature at AES/QES level) | Variable depending on the level chosen |
How does a digital signature work?
The process in 4 steps — simplified.
- 1
Computing the document fingerprint
The document is passed through a hash function (SHA-256). The result is a unique fingerprint of a few bytes that changes dramatically if a single character of the document is modified.
- 2
Encrypting the fingerprint with the private key
The fingerprint is encrypted with the signer''s private key, stored on a secure medium (HSM, smart card, or eIDAS-compliant server for remote signature).
- 3
Affixing the signature and certificate
The encrypted fingerprint is attached to the document, accompanied by the signer''s digital certificate (which contains their public key and identity verified by a certification authority).
- 4
Verification by the recipient
The recipient uses the certificate''s public key to decrypt the signed fingerprint, then compares it to the recalculated fingerprint of the document. If the two match, the document is authentic and has not been modified.
When is digital signature used?
- Signing an employment contract remotely
- Validating a compliant electronic invoice
- Signing a dematerialized notarial deed
- Authenticating banking documents
- Signing a commercial contract remotely
- Validating a quote or purchase order
- Signing a lease or real estate contract
- Medical documents and patient consents
Want to sign your documents digitally?
Certyneo offers eIDAS-compliant electronic signature (using digital signature under the hood) — free up to 5 envelopes per month, no credit card required.
Frequently asked questions
Digital signature and electronic signature, are they the same thing?
No, but they are closely linked. Electronic signature is the legal concept defined by the eIDAS regulation — it refers to any dematerialized signature device. Digital signature is the cryptographic technology that makes most compliant electronic signatures possible (notably AES and QES levels).
Does digital signature have legal value?
Yes, when it is used as part of an advanced electronic signature (AES) or qualified signature (QES) under eIDAS, its legal value is equivalent to that of a handwritten signature. The simple level (SES) — often a checkbox — does not have the same probative force.
How to verify the authenticity of a digital signature?
Most PDF readers (Adobe Acrobat Reader, Foxit) display a signature status when a signed document is opened. You can also use the validation service from the French National Information Systems Security Agency (ANSSI) for European qualified signatures.
Do you need special software to make a digital signature?
No, not for the signer. A platform like Certyneo handles the technical part: certificate generation, fingerprint calculation, cryptographic signing, timestamping. The signer only has to click the "Sign" button in their browser.