What is an electronic signature?

What is an electronic signature and how do you create one?

Electronic signatures, or e-signatures have rapidly decreased the time to get a document signed. The old ways of either gathering a meeting for signing or printing, signing, scanning and sending a document are being replaced by e-signing solutions. But what is an electronic signature? and how do you create one? 

If you don’t care about how its done and just need something electronically signed the following links might be helpful: 

• Create and send and e-sign a document with Docspos open editor
• Add signature to a PDF
• Add signature to google docs 

If you look up what en electronic signature is on Wikipedia You will see the following: “An electronic signature refers to data in electronic form, which is logically associated with other data in electronic form and which is used by the signatory to sign.” - It's not exactly crystal clear what they mean by that, so I have tried to put it in a more explanation like I'm five version below. 

ELI5 - what is an electronic signature: Imagine that your handwritten signature - unique to you - this is transformed into a piece of code, your signature in an electronic form. Now we need to place your signature on something you are going to sign. So the next thing we need to figure out is a way to put your piece of data, your signature, on other data (for example documents) in a way that we can prove that it was exactly that data that you, and no one else, put your signature on. 

This poses two technical challenges:

1. We need to know that your signature belongs to you
2. We need to be able to prove that the thing you signed has not been altered or tampered with (document integrity)

How to determine that your signature belongs to you. (How is a signature created)

There are a couple of ways this can be achieved. The most basic being attaching your signature to a mail address, IP and device for example. One step above that would be to connect a phone number which is quite common. If an e-signature service wants to further increase the proof that you are you it’s possible to use a third party system (an e-ID service) such as the one our service uses in Europe (BankID in Sweden) and there are also services for scanning your ID card for example. In essence it's different ways to connect evidence data to your signature. 

Document integrity. 

So you signed something and your proof data is put on some other data, for example a document. The next step is to make sure that it’s possible to prove that this combination of information (signature + document) has not been altered with. 

A non technical description of this (in order word, my description of this) is that you take all the information (signature + document) and put it through an algorithm (encryption) that produces a number. A public key so to say. If you would reverse (decrypt) this public key through the algorithm you would get information (signature + document). If anything would be different or have been changed, down to a space or comma, the decryption would not be equal to the signature + document and you would know that something has been tampered with. 

The visual representation of this is often a watermark on each page with a signature code (the public key) which can be put into a validation service to show if the document is identical to what was signed or not. For example at docspo you can use our verify service where you upload a PDF version of the signed document and it will say if it matches the original. 

What are the regulatory demands on an electronic signature? 
This depends on where you live. Below you can find what rules apply depending on where you conduct business. 

United States 
United States Electronic Signature in Global and National Commerce (ESIGN) act, and the Uniform Electronic Transaction Act UETA need to be achieved in order for an electronic signature to be valid under U.S. law. 

European and UK Users.
eIDAS or Regulation (eu) No 910/2014.