A digital signature is a cryptographic method that proves the authenticity (identity of the sender) and integrity (immutability of the content) of a digital document. It is the digital equivalent of a handwritten signature — mathematically more secure and equally legally binding.
Digital Signature vs. Electronic Signature
The terms are often confused:
| Term | Definition | Legal Validity |
|---|---|---|
| Electronic Signature (simple) | Scanned signature, typed signature | Basic legal validity |
| Advanced e. Signature | Uniquely attributable, tamper-evident | Stronger legal standing |
| Qualified e. Signature (QES) | With qualified certificate (eIDAS) | Equivalent to handwritten signature |
| Digital Signature (technical) | Cryptographic method (RSA, ECDSA) | Basis for all advanced signatures |
How Does a Digital Signature Work?
Mathematical principle (public-key cryptography):
- Create: The sender creates a hash of the document using their private key and encrypts it → digital signature
- Attach: The signature is attached to the document
- Verify: The recipient decrypts the signature using the sender's public key and compares the hash with the document
If the hash and document match: the document has not been altered and originates from the stated sender.
Where Are Digital Signatures Legally Binding?
In the EU, the eIDAS Regulation (Electronic IDentification, Authentication and trust Services) has applied since 2016:
- Qualified Electronic Signature (QES): legally equivalent to a handwritten signature across the entire EU
- Valid for: contracts, official documents, tax returns, patient declarations
Limitations: Limitations: Some documents in Germany still require notarization (e.g., real estate purchase contracts, inheritance agreements).
Digital Signatures in Practice
Email Signing with GPG/PGP
With your GPG key pair, you can sign emails:
- Recipients can verify that the email came from you
- No phishing in your name is possible
- Implementation: Thunderbird + Enigmail or natively in Thunderbird 78+
More: Encrypt Email →
Digitally Signing PDF Documents
- Adobe Acrobat/Reader: Free digital signature (simple)
- DocuSign, signNow: Cloud services for QES
- Bundesdruckerei D-Trust: German QES certificates
Code Signatures (Developers)
Software developers sign their programs so that operating systems and users can verify authenticity. An unsigned program triggers a warning in Windows/macOS.
Digital Signatures and Passwords
The private key used for digital signatures is protected by a password. A weak password compromises the entire signature chain:
- Always protect private keys in certificate files (.pfx, .p12) with a strong password
- Password Generator for key passwords (at least 20 characters)
- Store securely in a password manager