The term "digital signature" is used loosely in everyday language to mean any signature applied electronically — a drawn squiggle on a touchscreen, a typed name, a checkbox on an agreement. But in cryptography and law, "digital signature" has a specific, technical meaning that is quite different from those examples. Understanding the distinction matters both for security and for knowing which type of signature a given situation actually requires.
What a digital signature is NOT
A digital signature is not:
- An image of your handwritten signature pasted into a document
- A photo of your signature
- A drawn mark on a touchscreen
- A typed name at the bottom of an email
- A checkbox saying "I agree"
All of those things can be legally valid electronic signatures — but they are not digital signatures in the technical sense. The confusion arises because "electronic signature" and "digital signature" are often used interchangeably in marketing and casual conversation, even though they describe different things.
What a digital signature IS
A digital signature is a cryptographic mechanism that uses asymmetric key pairs to:
- Prove the signer's identity — only the holder of a specific private key could have produced the signature.
- Prove the document has not been altered — any change to the document after signing invalidates the signature.
The mathematics are elegant. When you sign a document digitally:
- A hash function (typically SHA-256) produces a fixed-length fingerprint of the document content.
- Your private key encrypts that hash, producing the digital signature — a block of data that is appended to the document.
- Anyone with your corresponding public key can decrypt the signature back to the hash, then independently compute the hash of the document. If the two hashes match, the signature is valid: the document was signed by whoever holds the private key, and it has not been altered.
This provides a property called non-repudiation: the signer cannot later deny having signed, because only their private key could have produced the signature. A wet ink signature can be denied ("I didn't sign that") or forged; a properly implemented digital signature cannot be.
How PKI makes digital signatures trustworthy
The weakness of asymmetric cryptography in isolation is: how do you know that a public key belongs to the person it claims to represent? If anyone can generate a key pair and claim to be "Jane Smith," the system proves nothing about identity.
PKI (Public Key Infrastructure) solves this by introducing a trusted third party — a Certificate Authority (CA). A CA verifies the identity of the key holder (by checking ID documents, official records, or biometric data), then issues a digital certificate binding the public key to the verified identity. When you receive a digitally signed document, you verify both the cryptographic signature and the certificate's chain of trust back to a trusted CA.
Under EU law, this produces a Qualified Electronic Signature (QES) — the highest tier of electronic signature, defined in the eIDAS Regulation, which has legal equivalence to a handwritten signature in all EU member states.
Electronic signature vs digital signature — comparison
| Property | Electronic signature | Digital signature (PKI-based) |
|---|---|---|
| Definition | Any electronic indicator of intent | Cryptographic proof using key pair |
| Proves identity | Circumstantially (email, IP, timestamp) | Cryptographically (private key) |
| Tamper evidence | No built-in proof | Yes — any change invalidates signature |
| Non-repudiation | Weak | Strong |
| Requires CA certificate | No | Yes (for qualified signatures) |
| Legal standing (UK/EU/US) | Valid for most commercial contracts | Highest tier — equivalent to wet ink |
| Setup complexity | Low — any tool | High — certificate purchase and management |
| Cost | Free to low | £100–£300/year for a qualified certificate |
When is a qualified digital signature required?
In practice, far less often than most people assume. In the UK and EU, qualified digital signatures are required for a narrow set of transactions:
- Certain cross-border government submissions under eIDAS
- Some regulated financial services contracts under MiFID II
- Specific legal filings in some EU jurisdictions where national law mandates QES
- Corporate deed execution in some contexts
Standard commercial contracts, employment agreements, NDAs, tenancy agreements, service contracts, and consumer agreements — the documents that make up the overwhelming majority of everyday signing — are fully covered by standard electronic signatures. A court in England and Wales will give an electronically signed contract the same evidential weight as a wet ink signature, provided there is clear evidence of intent to sign.
What PrimeDocu provides
PrimeDocu's PDF signer produces a legally binding electronic signature — an embedded mark with associated metadata (timestamp, device information, IP address) that constitutes clear evidence of intent to sign. This meets the legal standard for electronic signatures in the UK (Electronic Communications Act 2000), the EU (eIDAS Simple Electronic Signature tier), and the US (ESIGN and UETA).
PrimeDocu does not currently issue PKI-based qualified digital signatures, which would require integrating with a Certificate Authority and managing user certificates. For the 99% of signing occasions that arise in everyday personal and business life, the distinction does not matter — a PrimeDocu signature is legally sufficient.
Frequently asked questions
Is a digital signature the same as an electronic signature?
No. An electronic signature is any electronic indicator of intent to sign — a typed name, a drawn mark, a checkbox. A digital signature is a specific cryptographic mechanism using PKI asymmetric keys that provides cryptographic proof of identity and tamper evidence. All digital signatures are electronic signatures, but most electronic signatures are not digital signatures in the technical sense.
When is a digital signature legally required?
True PKI-based Qualified Electronic Signatures are required for a narrow set of high-stakes transactions — certain government filings, some cross-border EU legal proceedings, and regulated financial contracts in specific jurisdictions. For the vast majority of commercial and personal contracts, a standard electronic signature is legally sufficient in the UK, EU, and US.
How does asymmetric encryption prove identity?
A key pair is generated: a private key known only to you, and a public key shared openly. To sign a document, your private key encrypts a hash of the document content, producing the digital signature. Anyone with your public key can decrypt the signature, compute the document hash independently, and verify they match — proving the document was signed by the private key holder and has not been altered since signing.
Does PrimeDocu produce a digital signature or an electronic signature?
PrimeDocu produces a legally binding electronic signature — a mark of intent embedded with timestamp and metadata. It does not use PKI certificate-based digital signatures. For 99% of everyday contracts — service agreements, NDAs, employment contracts, tenancy agreements — PrimeDocu's electronic signature is fully sufficient and legally binding in the UK, EU, and US.