Glossary term

Digital Signature

A digital signature is a cryptographic technique using public key infrastructure, certificates, and hashing to prove who signed a document and that it has not been altered. It is a type of electronic signature, not a synonym.

A digital signature is a specific cryptographic technique used to secure an electronic document, not just another name for signing online. It relies on public key infrastructure (PKI): a pair of mathematically linked keys, one private and one public. When you apply a digital signature, the software first runs the document through a hash function, which produces a short, unique fingerprint of the file's exact contents. That hash is then encrypted with your private key, which only you control. The result, bundled with a certificate that vouches for your identity, is the digital signature attached to the document.

Anyone can verify it using your public key. The verifier decrypts the signature back into the original hash, independently re-hashes the document they received, and compares the two. If the fingerprints match, two things are proven at once: the document has not been altered by even a single character since it was signed (integrity), and it was signed by the holder of the matching private key (attribution). If anything in the file changed, the new hash would not match and verification fails. This is what makes a digital signature tamper-evident at the math level rather than just by policy.
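The sign-and-verify steps described above, as an added example (not code from this page or from any signing product). To keep each step visible it uses textbook RSA with no padding and a fixed, publicly known demo key built from Mersenne primes; the key, the sample contract text and all function names are assumptions, and production signing uses a vetted library with a padded scheme such as RSA-PSS.

```python
import hashlib

# Constructed demo key from two known Mersenne primes: fixed, public, insecure.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the signer


def fingerprint(document: bytes) -> int:
    """SHA-256 of the exact document bytes, as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Signer: hash the document, then transform the hash with the private key."""
    return pow(fingerprint(document), d, n)


def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verifier: recover the signed hash with the public key, re-hash, compare."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == fingerprint(document)


def demo() -> dict:
    contract = b"Buyer pays 10,000 EUR on delivery."  # constructed sample
    tampered = b"Buyer pays 90,000 EUR on delivery."  # one character edited
    signature = sign(contract)
    # Second constructed key pair, standing in for a different signer.
    p2, q2 = 2**127 - 1, 2**521 - 1
    d2 = pow(E, -1, (p2 - 1) * (q2 - 1))
    forged = sign(contract, d2, p2 * q2)
    return {
        "original": verify(contract, signature),   # hashes match
        "tampered": verify(tampered, signature),   # re-hash differs
        "wrong_key": verify(contract, forged),     # not the matching private key
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'INVALID'}")
```

Only the untouched contract verifies; the edited text fails the integrity check and the signature made with the other private key fails the attribution check.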

The identity link comes from a digital certificate issued by a trusted certificate authority, which confirms that a given public key really belongs to a specific person or organization. Without that trusted third party, a public key is just a number with no proven owner. This certificate-and-key chain is also what powers HTTPS in your browser, which is why the same technology can underpin a legally robust signature.

The most important distinction is that a digital signature is a type of electronic signature, not a synonym for one. Electronic signature is the broad legal category, covering anything from a typed name to a drawn squiggle that shows intent to sign. Digital signature is the narrower technical method that uses cryptography to back that intent with hard proof. Under the EU's eIDAS Regulation (EU) No 910/2014, this cryptographic approach is what lifts a signature into the advanced (AES) and qualified (QES) tiers, which carry the strongest evidentiary weight. In the United States, the ESIGN Act (2000) and UETA (1999) do not require this level of cryptography for a signature to be valid, but pairing intent with a strong audit trail and a tamper-evident seal is what makes any e-signature easiest to defend if it is ever challenged.

Examples

  • A signed PDF whose cryptographic seal breaks the moment a single number in the contract is edited after signing, instantly revealing tampering.
  • A document signed under eIDAS using a certificate from a qualified trust service provider, meeting the advanced (AES) or qualified (QES) tier.
  • A browser padlock on an HTTPS site, which uses the same public key infrastructure and certificate-authority trust model as a digital signature.
