Electronic Signature & Digital Signature

Electronic signatures and digital signatures are not the same. From my perspective, a digital signature is a subset of electronic signature that uses a certificate-based digital ID to link the signer and the document. Because a digital signature requires the user to enrol for a certificate from a licensed certification authority (CA), the secure user enrolment process and information verification give it higher security and protection compared to an eSignature.

What is Electronic Signature?

An electronic signature is broadly defined under the ECA as “any letter, character, number, sound or any other symbol or any combination thereof created in an electronic form adopted by a person as a signature”.
An electronic signature is legally binding in most countries (subject to in-country laws) as long as it meets the following requirements:
• It is uniquely linked to the signatory and under the control of the signer only;
• It is capable of identifying the signatory and/or is logically associated with the document;
• It is created using means that are under the signatory’s sole control;
• It is linked to other electronic data in such a way that any alteration to the said data can be detected;
• Any change to the e-signature after signing is detectable.

Electronic signatures are popular because they are easy to use. People have several ways to indicate their eSignatures:

• Clicking on a website button to accept, sign, initial, and confirm. (e.g. “I Agree”, “I Accept”)
• Using the mouse to trace a handwritten signature
• Typing the signatory’s name
• Pasting a scanned version/image file of the signatory’s signature

What is Digital Signature?

The Digital Signatures Act 1997 (“DSA”) defines a “digital signature” as “a transformation of a message using an asymmetric cryptosystem (“an algorithm or series of algorithms which provide a secure key pair”) such that a person having the initial message and the signer’s public key can accurately determine (a) whether the transformation was created using the private key that corresponds to the signer’s public key and (b) whether the message has been altered since the transformation was made.”
In Malaysia, government-authorized CAs are allowed to issue digital certificates to users as a digital identity for performing electronic transactions. The use of a recognized digital signature can fulfill requirements of confidentiality, identity authentication, non-repudiation, and integrity of information. Compared to an electronic signature, a “digital signature” differs as follows:
• The user's signature is created using the private key that corresponds to the signer's public key. To comply with non-repudiation, the private key is always generated and stored in secure elements like smart cards and hardware security.
• It can detect whether the message has been altered, for each signatory.
• The user can embed their own “unique fingerprint” into the document.
• The private key is unique for each user.
• Signature information is permanently embedded into the document.
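
The two checks in the DSA definition above, (a) and (b), can be seen in a short Go program. This is an added example, not code from the original page. It assumes Ed25519 as the asymmetric cryptosystem and in-memory keys, and the names `Signer`, `NewSigner` and `Check` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signer is a hypothetical key holder. Assumption: keys are held in memory
// here; the page's setting keeps the private key in a smart card and binds
// the public key to the signer through a CA-issued certificate.
type Signer struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewSigner generates a fresh Ed25519 key pair (algorithm chosen for the example).
func NewSigner(name string) (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Name: name, Pub: pub, priv: priv}, nil
}

// Sign produces the "transformation of a message" with the private key.
func (s *Signer) Sign(msg []byte) []byte { return ed25519.Sign(s.priv, msg) }

// Check is true only when sig was made by the private key matching pub AND
// msg is unchanged. A false result does not say which of the two failed.
func Check(pub ed25519.PublicKey, msg, sig []byte) bool {
	// ed25519.Verify panics on a wrong-sized key, so reject that first.
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, msg, sig)
}

func main() {
	alice, errA := NewSigner("alice")
	bob, errB := NewSigner("bob")
	if errA != nil || errB != nil {
		panic("key generation failed")
	}
	doc := []byte("Pay RM 1,000 to Bob")      // constructed sample document
	tampered := []byte("Pay RM 9,000 to Bob") // one character altered
	sig := alice.Sign(doc)
	fmt.Println("original, alice's key:", Check(alice.Pub, doc, sig))      // true
	fmt.Println("altered, alice's key: ", Check(alice.Pub, tampered, sig)) // false
	fmt.Println("original, bob's key:  ", Check(bob.Pub, doc, sig))        // false
}
```

Verification returns a single yes or no, so a verifier learns that both conditions hold or that at least one does not. Linking the public key to a named person is the job of the CA-issued certificate, which this example leaves out.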