Digitally Signed Emails. What Are They And How Do Digital Signatures Work?


Whether you’re signing legal papers, the back of your bank card, or permission for your kid’s school field trip, you are using your signature pretty regularly. In fact, this might have even become an automatic response to someone putting a piece of paper in front of you.

However, when it comes to digital documents, you can’t just scribble your John Hancock with a pen.

For this, we use digital signatures, and in this article we’ll explain what they are and how they are used to digitally sign emails.


What are digital signatures?

A digital signature is a type of electronic signature that lets anyone verify who signed a document and that the document has not changed since it was signed.

In a sense, a digital signature is a “virtual fingerprint”: once a document is signed, the signature is cryptographically bound to the exact content that was signed, so any later change, even a single byte, is detectable.

Digital signatures serve three essential roles:

  • Sender verification: the message was signed by the holder of the sender’s private key, i.e. the sender is who they claim to be
  • Integrity: the message was not altered after it was signed (for example, in transit)
  • Non-repudiation: the sender cannot later deny having signed the message

This makes digital signatures more secure than handwritten or “wet” signatures (“wet” because signatures were traditionally made in ink): there is no cheap, reliable way of verifying a handwritten signature, much less a way to know whether the document it sits on was tampered with afterwards.

Handwritten signatures are unique to every person, depending on their style, whether they are left- or right-handed, how fast they write, and several other factors. But once a signature is on paper, it can be forged with nothing more than tracing paper and a copy of the original.

This creates a repudiation problem with handwritten signatures: a signer can simply claim that someone copied their John Hancock, and it is difficult to prove otherwise.

Because of how they work, this is not possible with digital signatures, with one important caveat: non-repudiation holds only as long as the private key stays under the signer’s sole control. A stolen or leaked private key lets someone else produce valid signatures in the signer’s name, which is why keeping the private key secret (and revoking it promptly if it is compromised) matters so much. Let’s go ahead and explain how this works.

How do digital signatures work?

A digital signature requires only that the sender (the signer) hold a cryptographic key pair: a private key, which is kept secret, and a public key, which is given to anyone who needs to verify the sender’s signatures. The sender signs the message locally on their device using the private key (in practice the signing software typically hashes the message first and signs the hash, so the signature is a short, fixed-size value regardless of the message length). The receiver then verifies the signature on their device using the sender’s public key; verification never needs any secret. The process works as follows:

  1. Alice (sender) generates a key pair and shares her public key with Bob (a one-time prerequisite).
  2. Alice signs the message using her private key on her device and sends the message, together with the signature, to Bob.
  3. Bob receives the signed message on his device and verifies the signature using Alice’s public key. If the message was altered, or was signed with a key other than Alice’s, verification fails.
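The three steps above, as an added example written for this article in Go using the standard library’s Ed25519 signatures (illustration code, not the OpenPGP-based signing Mailfence itself uses): Alice generates a key pair and signs, Bob verifies, and the example also shows what a practitioner should expect to fail (a tampered message, the wrong public key) and what should still pass. The canonicalize helper is modelled on OpenPGP’s canonical text form (line endings normalized to CRLF, trailing whitespace dropped as in cleartext signatures), so that a mail relay rewriting line endings does not break the signature. The message text, names and key handling are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
)

// canonicalize is modelled on OpenPGP's canonical text form: line endings are
// normalized to CRLF and trailing spaces/tabs on each line are dropped (as the
// cleartext signature framework does). Signing the canonical form means a mail
// relay that rewrites line endings does not invalidate the signature, while any
// change to the visible text still does.
func canonicalize(msg string) []byte {
	lines := strings.Split(strings.ReplaceAll(msg, "\r\n", "\n"), "\n")
	for i, l := range lines {
		lines[i] = strings.TrimRight(l, " \t")
	}
	return []byte(strings.Join(lines, "\r\n"))
}

// Sign is Alice's side (step 2): a detached signature over the canonical text,
// made with her private key, which never leaves her device.
func Sign(priv ed25519.PrivateKey, msg string) []byte {
	return ed25519.Sign(priv, canonicalize(msg))
}

// Verify is Bob's side (step 3): check the detached signature with Alice's
// public key. Verification needs no secret at all.
func Verify(pub ed25519.PublicKey, msg string, sig []byte) bool {
	return ed25519.Verify(pub, canonicalize(msg), sig)
}

// Demo runs the whole exchange and returns the verification outcomes for:
// the genuine message, a tampered copy, the wrong public key, and a copy whose
// line endings a relay rewrote from CRLF to LF.
func Demo() (genuine, tampered, wrongKey, rewrapped bool) {
	// Step 1: Alice generates her key pair; Bob later receives alicePub.
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// An unrelated key, standing in for an impostor's public key.
	otherPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	// Constructed sample message (email uses CRLF line endings on the wire).
	msg := "Hi Bob,\r\nplease wire 500 EUR to account 123.\r\n-- Alice\r\n"
	sig := Sign(alicePriv, msg)

	genuine = Verify(alicePub, msg, sig)
	tampered = Verify(alicePub, strings.Replace(msg, "500", "5000", 1), sig)
	wrongKey = Verify(otherPub, msg, sig)
	rewrapped = Verify(alicePub, strings.ReplaceAll(msg, "\r\n", "\n"), sig)
	return
}

func main() {
	g, t, w, r := Demo()
	fmt.Printf("genuine=%v tampered=%v wrongKey=%v lf-rewritten=%v\n", g, t, w, r)
}
```

Running it prints genuine=true, tampered=false, wrongKey=false and lf-rewritten=true. The last result is the one worth noticing: without canonicalization, a perfectly honest relay that rewrites CRLF to LF would make Bob’s client report a forged email.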

Now, to fully understand how digital signatures work, we need to get a little technical. Verifying a signature proves that the message was signed with the private key matching a given public key; it does not by itself prove that this public key belongs to Alice. Two different trust models answer that second question.

The first one is PKI, or “Public Key Infrastructure”. Here the public key that Bob uses to verify Alice’s signature has to be certified by a CA, or “Certificate Authority” (such as Verisign), which signs a certificate binding Alice’s identity to her public key.

In other words, the CA vouches for the key, and the key validates the sender, making the CA a trust anchor.

However, a centralized authority (i.e. a Certificate Authority) cannot always be trusted (e.g., for sociopolitical reasons) and can itself be compromised, in which case every certificate it issues becomes suspect.

An alternative trust model is the “web of trust”, used by Pretty Good Privacy (PGP) and the OpenPGP standard.

In the web of trust model, each user maintains their own set of trusted public keys and can sign (vouch for) other people’s keys. A key is accepted as Alice’s when enough of the people the recipient already trusts have signed it, instead of everyone relying on a single CA.
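To make the difference between the two trust models concrete, here is an added Go example (written for this article; not code from Mailfence or from any PGP or CA implementation) that reduces both to the same primitive: a certification is a signature by some certifier over the binding (name, public key). Under PKI, Bob accepts Alice’s key only if the single CA he trusts has certified that binding; under the web of trust, he accepts it once enough of the keys he personally trusts have certified it. The threshold parameter, the identity strings and the “friends” are assumptions made for the illustration; real OpenPGP software such as GnuPG similarly counts how many trusted introducers have signed a key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Certification is a certifier's signature over the binding "<name>\x00<key>".
// A CA certificate and a PGP key signature are both, at bottom, this object;
// the two trust models differ only in whose certifications Bob relies on.
type Certification struct {
	Certifier ed25519.PublicKey
	Sig       []byte
}

func binding(name string, key ed25519.PublicKey) []byte {
	return append([]byte(name+"\x00"), key...)
}

// Certify lets a certifier (a CA, or a friend in the web of trust) vouch that
// key belongs to name.
func Certify(certPriv ed25519.PrivateKey, name string, key ed25519.PublicKey) Certification {
	return Certification{
		Certifier: certPriv.Public().(ed25519.PublicKey),
		Sig:       ed25519.Sign(certPriv, binding(name, key)),
	}
}

// TrustedPKI: accept the key iff a certification from the single CA that Bob
// treats as trust anchor verifies over this exact name/key binding.
func TrustedPKI(ca ed25519.PublicKey, name string, key ed25519.PublicKey, certs []Certification) bool {
	for _, c := range certs {
		if c.Certifier.Equal(ca) && ed25519.Verify(ca, binding(name, key), c.Sig) {
			return true
		}
	}
	return false
}

// TrustedWoT: accept the key iff at least `needed` distinct keys from Bob's own
// trusted set have certified the binding. No single party is a trust anchor.
func TrustedWoT(trusted []ed25519.PublicKey, needed int, name string, key ed25519.PublicKey, certs []Certification) bool {
	seen := map[string]bool{}
	for _, c := range certs {
		for _, t := range trusted {
			if t.Equal(c.Certifier) && ed25519.Verify(t, binding(name, key), c.Sig) {
				seen[string(t)] = true
			}
		}
	}
	return len(seen) >= needed
}

func genKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Demo builds a constructed scenario and returns what each model decides.
func Demo() (pkiOK, pkiRogue, nameSwap, wotOK, wotShort bool) {
	caPub, caPriv := genKey() // the CA Bob trusts
	_, roguePriv := genKey()  // a "CA" nobody trusts
	alicePub, _ := genKey()   // Alice's signing key
	name := "alice@example.com" // assumed identity string

	// Three introducers Bob has personally marked as trusted; only two of them
	// have actually signed Alice's key.
	var friends []ed25519.PublicKey
	var friendPrivs []ed25519.PrivateKey
	for i := 0; i < 3; i++ {
		p, s := genKey()
		friends = append(friends, p)
		friendPrivs = append(friendPrivs, s)
	}
	certs := []Certification{
		Certify(caPriv, name, alicePub),
		Certify(friendPrivs[0], name, alicePub),
		Certify(friendPrivs[1], name, alicePub),
	}
	rogueCerts := []Certification{Certify(roguePriv, name, alicePub)}

	pkiOK = TrustedPKI(caPub, name, alicePub, certs)                       // CA certified it
	pkiRogue = TrustedPKI(caPub, name, alicePub, rogueCerts)               // only an untrusted "CA" did
	nameSwap = TrustedPKI(caPub, "mallory@example.com", alicePub, certs)   // same key, other identity
	wotOK = TrustedWoT(friends, 2, name, alicePub, certs)                  // two trusted introducers suffice
	wotShort = TrustedWoT(friends, 3, name, alicePub, certs)               // three required, only two signed
	return
}

func main() {
	fmt.Println(Demo())
}
```

The nameSwap case is the one people forget: a certification binds a key to a specific identity, so a valid key presented under a different name must be rejected even though the key itself is genuine.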

What is the difference between a digital and an electronic signature?

We mentioned earlier that a digital signature is a type of electronic signature. It’s important to differentiate between the two properly, as not every e-signature is automatically a digital signature.

An electronic signature is any electronic mark or action that expresses the signer’s intent, not necessarily a signature as such. It can be a typed name, a scanned image of a handwritten signature, a PIN code, a password, …

Feature              Electronic signature                      Digital signature
Purpose              Shows intent to sign the document         Secures the document (authenticity and integrity)
Verification         Not independently verifiable              Verifiable by anyone holding the signer’s public key
Third-party trust    Typically not regulated                   Trust anchored in a CA (PKI) or in the web of trust (OpenPGP)
Cryptography         Uses no cryptographic algorithms          Created with cryptographic algorithms
Advantage            Easier to use                             Able to authenticate the sender

How to send digitally signed emails using Mailfence

First, generate your key pair and share your public key. Then use “Sign and Send” on any message you want. Digitally signing emails with Mailfence is as simple as that!

Yes, Mailfence, the secure and private email service, has made it super easy!

You can check our user guide for more details on how to sign, or sign and encrypt, your messages, and on the other key management operations you can perform.

Even easier with our ‘Integrated key store’

With the integrated key store, users can generate, export, or import a key pair, manage their own key, and add recipients’ public keys, all without any external plugin or add-on.

The integrated key store gives users control over their privacy, and we offer complete reversibility: a user can export their key pair as well as all the other data stored in their account, such as calendar, contacts, and documents, at any time.

Digitally signing without end-to-end encryption

In a recent post, we explained that digital signatures combined with end-to-end encryption increase security. But it can also be useful to digitally sign emails without encrypting them:

  • Digitally signing an email with attachments assures the receiver that both the message body and the attachments come from you and have not been tampered with in transit, which increases the legal value of the email.
  • Compliance with legal and regulatory requirements in various environments (e.g., sales contracts, vendor and supplier agreements, …), where the recipient must be able to read the message but also needs proof of who sent it.

Want to learn more about OpenPGP digital signature best practices?

At Mailfence, we have designed an easy-to-use end-to-end encrypted email service. We believe that users have an absolute and irrevocable right to internet privacy.


M Salman Nadeem

Salman works as an Information Security Analyst for Mailfence. His areas of interest include cryptography, security architecture and design, access control, and operations security. You can follow him on LinkedIn @mohammadsalmannadeem.
