With Tresorit eSign you get to sign documents with a digital signature, which offers a heightened level of assurance through digital certificates. Tresorit partnered with Swiss Sign to enable you to digitally sign documents with Tresorit eSign.
Digital signatures are a sub-category of electronic signature: a digital signature is primarily used to protect documents during the signing process and is certified by certification authorities. An electronic signature is the umbrella category: more of evidence of the document signatory’s agreement. Find more information about the difference between the two concepts, and why the additional layer of security offered by digital signatures matter on our blog.
Are documents encrypted during the signing process?
Besides the protection offered by digital signatures, your documents will be stored and sent via Tresorit’s end-to-end encrypted infrastructure. In addition we apply the following measures to make sure only you and those who should sign have access to your document(s):
- Tresorit eSign uses hash signing, which basically means that the fingerprint of the document is calculated and gets signed
- the complete [1] PDF document is hashed on client side [2] using SHA-256
- Tresorit requests a signature for the resulting hash from our partner, SwissSign
- the hash is signed with a 2048 bit RSA key
- the signing certificate is issued to SwissSign AG, the root of the chain is Entrust Class 3 Client CA - SHA256 (accepted by PDF reader applications)
- then the resulting signature and the signing certificate are embedded into the PDF document (using incremental PDF document update) as a "ETSI.CAdES.detached" signature
[2] the initial document hash is created on client side, the unencrypted document is never uploaded to our servers, afterwards the document hash calculation is continued on server side, to also include the previously created signatures
How does Tresorit identify signers?
- a verification code is sent via email, or
- use of SSO (Microsoft, Google), or
- those who are already Tresorit users can simply log in (in this case the verification happened earlier, via the registration process)
Is Long Term Validation (LTV) available with Tresorit eSign signatures?
How to check if my document is LTV enabled?
- Open Adobe Acrobat Reader DC
- Click on"Signature Panel"
- Check for LTV validation via the list.