Digital Signatures: Good Enough For Business?


2434691031_dc47fc162aEven as a web worker, there are times when we need to sign paperwork. Maybe a new client is ready to sign a contract with you. Maybe an employer needs you to sign a form. No matter why you need to get your name down on a piece of paper, it can put a crimp in a web worker’s style. After all, who among us wants to have more hard copy around than is absolutely necessary? Luckily, more and more companies are accepting digitally signed documents — even the IRS will accept digital signatures on most forms. You can sign contracts, forms and other documents with just a click of your mouse.

Digital Signatures: The Facts

A digitally signed contract is just as legitimate as one signed by hand in most countries. There is plenty of precedent dating from the time when people were first signing and returning contracts by fax. If you ever need to, you can take someone to court to enforce a contract signed electronically. However, policies on accepting digital signatures can vary from company to company. Where one company will be perfectly comfortable accepting all your paperwork by email, another may want you to fax or mail in signed documents. We’re moving towards being able to do business without hard copies of our documents, but we’re not quite there.

The Strength of a Signature

There are several different ways that you can sign a document electronically. The big difference is in how the signature is verified:

  • Your computer: Some software timestamps your signature and records the computer you used.
  • Your IP address: Especially common with online services, your signature is recorded along with your IP address
  • Public Key Infrastructure: Your signature is verified with a certificate issued by a trusted third party.

There’s a trade-off between the options: It’s harder to verify the first two options than PKI, but it can be difficult for an individual to get the required certificate for PKI. There are some online applications that use their own certificates in order to verify your signature, such as RightSignature. In comparison, Adobe Acrobat Professional (s adbe) allows you to create a digital signature that is verified based on the computer used. It can also use a certificate, but if you do not provide it with one, Adobe Acrobat will rely on your computer for verification.

Choosing a Signature Solution

Assuming that your employer or client doesn’t have an online application or a software package that they’d prefer you to use for your digital signatures, you’ll have to decide which option works best for you. It’s hard to find an option that is free as well as trustworthy. As long as you’re willing to spend a little bit of money, though, you can manage your contracts inexpensively. Personally, since I already have Adobe Acrobat on my computer, I rely on it, although I do not have a certificate to use with the software. While this is considered to be a less secure system than PKI, I haven’t had any problems with any document I’ve signed (even my 1099s). The downside is that Adobe Acrobat does not manage the entire signature process in the way that many online applications can — some will even send out emails reminding people to sign contracts.

What app do you use for digital signatures?

Image by Flickr user jk5854



My university has a online system for submitting grades but we have to submit paper based grades too.

How difficult would it be to include a computer or IP address check in their online system?

Can it easily be done in php? asp? Java?

Can a computer user fake the IP/computer using a clever browser/virtual machine setup?

When you say that that some “software timestamps your signature and records the computer you used,” what is it about the machine that the software records (MAC address? Hard Disk serial number?) and is this available to online systems?

John Jacobs- eOriginal, inc.

Great information! You all have some very good feedback and Tony, I like how you were able to outline the key components of electronic signatures. I work for eOriginal, Inc. and your post is a summary of our capabilities. We are one of the only services who provide a beginning to end turnkey solution.

When thinking about implementing electronic signatures into your current business process, you want everything to be simple for the sender and the signer, but you also want it to be admissible, managed and secure. If you are signing high value documents, you don’t want to be caught by surprise three years down the road with a contract that does not hold-up in court or can not be held as financial collateral.

I would suggest doing your homework before hand. If you are going to make this type of investment in your business, invest in something that is tailored around your needs and will grow with your business. Feel free to contact me and I will more than happy to help.


certs have some security. SSL is based on certs. Any other option seems futile. Even if it does take off it will be an accident waiting to happen. Saying that, we have to have an open mind.

Just went to the website of DocuSign to have a look and its not very clear…

Travis Carnahan

No mention that you can combine a physical signature with a digital one by signing documents on a tablet pc using pdf annotator or bluebeam. Something to consider for an alternate way to sign.


Interesting blog post, thanks!

It seems to provide a high level outline, but does not describe many of the capabilities of a solution like DocuSign such as workflow or the ability to authenticate signers on the fly. DocuSign’s service provides several authentication methods, which arguably create a stronger authentication than a ‘self signed’ PKI certificate.

In many transactions, email authentication is just not good enough.

As the author points out, the biggest issue is that digital signature technology does not provide support for the ‘rest of the process’. Key elements of a full ‘Smart’ ESIGN solution mange the whole workflow securely.
* signer authentication
* document preparation/conversion
* ESIGN required consumer consent management (for consumer transactions)
* secure document delivery/workflow/routing
* eForms capability to collect data AND deliver it to downstream systems
* transaction controls and audit trails
* secure document storage
* integration into key business applications like Salesforce, Ariba, Outlook, SharePoint, etc.

Finally, the solution needs to be able to present documents for signature in a familiar way, allow the signer to sign with ONLY a browser, or even mobile device. Requiring software or certs is a show stopper.

If you compare most digital signature solutions like Acrobat’s PDF Digital Signature tool, you’d find because it lacks most of the things on this list, which is why it really has never taken off. On the other hand, solutions like DocuSign are seeing dramatic growth in all market segments.


An Bui, DocuSign Social Media

Regarding the strength of the signature, DocuSign provides 100% audit log for its electronic signature as well as certificates of completion. Various levels of authentication are available, so you and your clients can decide which method best fits your needs.

DocuSign also provides workflow capabilities and can be integrated with CRM systems via the DocuSign API.

Please feel free to reach out to me if you have any further questions or comments.

Comments are closed.