With Tresorit eSign you get to sign documents with a digital signature, which offers a heightened level of assurance through digital certificates. Tresorit partnered with Swiss Sign to enable you to digitally sign documents with Tresorit eSign.
Digital signatures are a sub-category of electronic signature: a digital signature is primarily used to protect documents during the signing process and is certified by certification authorities. An electronic signature is the umbrella category: more of evidence of the document signatory’s agreement. Find more information about the difference between the two concepts, and why the additional layer of security offered by digital signatures matter on our blog.
Are documents encrypted during the signing process?
Besides the protection offered by digital signatures, your documents will be stored and sent via Tresorit’s end-to-end encrypted infrastructure. In addition we apply the following measures to make sure only you and those who should sign have access to your document(s):
- Tresorit eSign uses hash signing, which basically means that the fingerprint of the document is calculated and gets signed
- the complete [1] PDF document is hashed on client side [2] using SHA-256
- Tresorit requests a signature for the resulting hash from our partner, SwissSign
- the hash is signed with a 2048 bit RSA key
- the signing certificate is issued toSwissSign AG, the root of the chain is Entrust Class 3 Client CA - SHA256 (accepted by PDF reader applications)
- then the resulting signature and the signing certificate are embedded into the PDF document (using incremental PDF document update) as a "ETSI.CAdES.detached" signature
[2] the initial document hash is created on client side, the unencrypted document is never uploaded to our servers, afterwards the document hash calculation is continued on server side, to also include the previously created signatures
How does Tresorit identify signers?
- a verification code is sent via email, or
- use of SSO (Microsoft, Google), or
- those who are already Tresorit users can simply log in (in this case the verification happened earlier, via the registration process)
Is Long Term Validation (LTV) available with Tresorit eSign signatures?
How to check if my document is LTV enabled?
- Open Adobe Acrobat Reader DC
- Click on"Signature Panel"
- Check for LTV validation via the list.
What happens if you modify the PDF after signing it?
In case the user modifies a signed document (making highlights, removing signatures etc.) it will mean that the document has been tampered, hence the signature will be invalid.
An electronic signature is not equal to the visual signature element placed on the document.
A simple electronic signature becomes a digital electronic signature when it's converted into a digital format and uses technology like encryption to ensure its authenticity and the integrity of the signed document.
A qualified electronic signature is a specialized form of digital electronic signature that adheres to legal and technical requirements set by eIDAS regulation. It relies on cryptographic techniques, trust infrastructure provided by certification authorities, and advanced security measures to ensure the integrity, authenticity, and legal validity of electronically signed documents, making it equivalent to a handwritten signature in many jurisdictions.
Hence different electronic signatures' value comes from the above described qualities and not from the visually displayed signature image that is placed on the document.
In case though, when the visual signature element is removed, then you remove the evidence that the document was not tampered, and it is going to be detected during the validation of the digital signature.
In case of there are multiple signatures on the document made by different people, the first signature cannot include the upcoming signatures and signer fields. That does not mean that the other signatures are invalid; each signature is applied to a specific byte range of the PDF file, that includes other signer fields as well. These signatures represent the file at their own signing time. PDF viewers can show the exact signed versions of a document.