What is a digital signature certificate?
A digital certificate is a digital identification card that is issued to natural persons, legal entities, or services. This can be used to digitally sign files stored on electronic devices and is therefore also often referred to as a digital signature certificate. Digital signature certificates are issued by entities known as Certificate Authorities (CA). CAs issue digital signature certificates only after undertaking stringent checks to verify the identity of the individuals and organizations seeking them. The digital signature certificate itself is a pair of unique cryptographic keys, one private and one public, that are used in the process of signing the files and verifying their validity and data integrity.
When does a signer need their own digital signature certificate?
For most documents, the digital signature certificate issued to Zoho Sign can be used to sign the document as it still ensures document validity and data integrity. However, this may vary with respect to the legal regulations in each state, region, country, or continent. There are regional laws, such as the eIDAS regulations in the EU and the Information Technology Act (2000) in India, that mandate the use of a signer's own digital signature certificate to sign certain types of documents. The most common example of this is when documents submitted to or belonging to public bodies, governmental agencies, banks and financial institutions require signing, it must be done only using the signer's own digital signature certificate.
Types of Digital Signatures
Every type of digital signature falls under one of the below categories.
Simple Digital Signature
This is the simplest form of digital signature because it is not protected by any encryption method. In terms of security and legality, this type of signature is not completely encrypted.
Basic Digital Signature
Digital basic signatures don't have much difference when compared to simple digital signatures. The advantages of basic digital signatures is the ability to show the changes that occur after the document is signed. This type of digital signature uses asymmetric cryptography. The signing process is also not a 2-factor authentication.
The documents signed with this category of digital signature don't have legal power and legal consequences.
Advanced & Qualified Digital Signatures
Advanced & Qualified Digital signature is the safest digital signature and has legal strength equivalent to a wet signature on paper. This category of digital signature is designed with asymmetric cryptography and public key infrastructure. This digital signature requires a 2-factor authentication before the document can be signed by the user.Another added feature is that, this category has an electronic certificate that is uniquely attached to the identity of the signatory.
Qualified Electronic Signature (QES)
A qualified electronic signature is an electronic signature made using a qualified digital certificate generated by a Qualified Signature Creation Device (QSCD). In the European Union (EU), a qualified electronic signature is considered the equivalent of a hand-drawn signature.
Certificate Authority (CA)
A Certificate Authority is an entity that issues digital signature certificates to individuals and organizations. A CA is licensed to issue digital signature certificates by its government, or the regulatory authority governing digital identity, in its region of operation and establishment.
Zoho Sign now offers the capability to sign documents with your own digital signature certificate by integrating with the services provided by the following CAs:
- Aadhaar eSign
- QES via EU eID