The validity of digital signatures

It is no longer unusual for contracts to be created and concluded digitally. Often, these are also signed with the touch screen or a picture of one’s signature. Due to the spread of digitalization in our time, this is no longer a rarity. Most of the time, contracts signed in this way also go over the table without a hitch. However, security standards for digital signatures and questions of enforceability remain problematic when it comes to legal disputes.

If, for example, a signed document is scanned, the resulting PDF file is not an electronically signed document. The signature on the file is an image of the original signature and has no legal validity. Otherwise, it would be possible to copy this signature and paste it into other documents. The same applies to signatures inserted into a document using a touch screen or a photo.

High requirements must be met for an electronic signature to be declared legally binding. Only the so-called qualified electronic signature (QES) can fulfill these so far and is equivalent to a handwritten signature.

A significant problem with signing digital documents is immutability. For example, it is effortless to subsequently change a PDF document that has already been signed by touch screen using specific tools. With QES, a certificate is inserted into the document to be signed after it has been signed. This certificate can either be a QR code or an image of the signature. However, it is not the certificate on the PDF page that is decisive for legal validity. Behind it are specific algorithms that make a document unalterable. For example, the QES calculates a specific number, the so-called checksum, based on the data contained in a document, which changes with the slightest change to the document. Thus, both parties can compare this checksum and consequently ensure the authenticity and integrity of the document.

The QES can thus be compared to a medieval ring seal. If a letter has been opened, the wax seal is no longer intact, and the recipient knows that something has been changed in the letter. If a digital document is altered with a QES, the so-called checksum (the seal) is no longer correct. 

To be able to sign a document with a QES, such a QES must first be created. This is already possible today with various providers. These include Swisscom, SwissSign AG, YLEX, the Federal Office of Information Technology, Systems and Telecommunication, and others. Once it has been created, all you have to do is insert it into a document and have it authenticated via the chosen provider. If you want to check the validity of a document signed with a QES, all you have to do is click on the certificate contained in the document. A window will then open, confirming the integrity of the document.