Basic Electronic Signature
These involve the signer applying their hand-signature mark on the document and then this being protected with a cryptographic digital signature. With basic e-signatures, the crypto digital signature is created using a server-held signing key, e.g. belonging to the service provider organisation, hence we refer to this as a “witness” digital signature. In TruePact.eu this witness digital signature is applied every time an e-signature mark is applied by the user and cryptographically binds this mark to the document and protects the document from any subsequent changes, thereby ensuring data integrity. This is a long-term signature that includes a trusted timestamp.
Normally basic e-signatures may or may-not require the user to be registered and their identity validated as a part of this. Regardless of whether or not users are registered with basic e-signatures the signer’s identity is not verifiable directly from the signed document.
Advanced and Qualified eSignatures
Advanced Electronic Signatures (AES) and Qualified Electronic Signatures (QES) are fully supported in TruePact.eu. AES and QES provide the highest level of trust and assurance because these use unique signing keys for every signer. This directly links the user’s identity to the signed document such that anyone can verify it on their own using an industry standard PDF reader. Note technically these are also referred to as “digital signatures” rather than “e-signatures”.
Furthermore, as the signer has sole control of their unique private signing key this ensures non-repudiation, i.e. even the service provider cannot be held responsible for creating the signature. TruePact.eu complies with eIDAS regulations for AES and QES using locally held credentials