Blog Post

Unlocking success: Essential steps for legally binding document signatures at your company

Daniel Martín
Illustration: Unlocking success: Essential steps for legally binding document signatures at your company

In today’s digital age, the need for efficient and secure document signing has never been greater. But it’s natural that your company might feel overwhelmed by the complexities of document signing, with rapidly evolving standards and confusing technical acronyms. So this blog post will provide you with the knowledge and tools necessary to implement a legally binding digital signing solution at your company.

Electronic signature or digital signature?

The first question you should ask yourself is whether you need an electronic signature or digital signature solution. The answer to this question can be summarized as follows:

  • If you need a digital representation of a handwritten signature that you can use in digital documents, you need a basic electronic signature solution.

  • If you need assurance that a signed document wasn’t modified, assurance about the origin of the signer, or trusted proof of the time when the document was signed, you need a digital signature solution.

Electronic signature solutions

If you require an electronic signature solution, Nutrient supports adding electronic signatures to documents easily. You can start by exploring this demo that demonstrates the capability.

For more details, the reference guides provide detailed information about how to programmatically implement your electronic signature solution. Here are some links for the most popular platforms:

Digital signature solutions

If your use case requires digital signatures, it’s important to know that digitally signing a document requires a digital ID. So the next crucial question to answer is whether or not you already have a digital ID.

A digital ID is comprised of the certificate and keys that uniquely identify an individual or an organization. These certificates are similar to the SSL certificates you may already use on your website, but their keyUsage property must be digitalSignature.

If you or your users don’t have a digital ID, Nutrient offers an eSigning API, which is an easy-to-use cloud-based product that signs PDF documents using an advanced certificate that validates in Adobe Acrobat and other PDF readers.

If you need your own digital ID in the name of your company or any of your employees, the next section will explain how you can get one.

Obtaining a digital ID

A digital ID, like any other part of public-key cryptography, is based on trust. A certification authority (CA) issues digital IDs to individuals or companies it trusts, forming a web of trust. One of the goals of validating a digital signature is to establish a valid chain of trust between an individual or a company and a CA that everyone trusts.

There are two kinds of digital IDs you can obtain:

  • Your own digital ID and CA. The advantage of this option is that you control the certification creation without relying on third parties. The disadvantage is that you need to trust your own certification and accept that others likely will not. Using your own digital ID is a non-option when you’re signing documents that will be shared outside of your organization, because you don’t control the trust chain of the devices that will open the document.

  • A digital ID issued by a recognized CA. On the one hand, your signed documents will appear as trusted in virtually every program. On the other hand, obtaining a digital ID from a well-known certification authority involves a comprehensive process of identity verification, administrative procedures, and compliance checks.

If you decide to use your own digital ID, you can follow the instructions from our guides to do so.

If you decide to use a digital ID from a recognized CA, Nutrient has partnered with GlobalSign to help you obtain a certificate from a recognized CA and make it work when signing documents. Contact us to request more information about this.

Once you have your digital ID, you can decide on the technology and architecture to implement your signing project.

Digital signature architectures

The software architecture for signing depends on each specific project, but we can classify them into two main groups:

  • Client-only solutions

  • Client-server solutions

The next sections will outline them in more detail.

Client-only solutions

Choose this architecture if you don’t have a centralized server in your company or your devices aren’t connected to the internet. In this situation, you install the digital ID on the device you use for signing, and the signing SDK completes the signing process.

Nutrient offers many client-only SDKs that support digital signatures. If you use an iPhone, iPad, or Android device, you can follow these guides:

Client-server solutions

This is possibly the most common architecture. A device connects to a server and sends either the entire document or a representation of it (a hash or digest), and the server signs it using the configured digital ID.

Nutrient covers this architecture well with its SDKs. For the client part, you can use the signing APIs described in the previous section. All our SDKs abstract away the signing process so you can contact any external server to sign a document using a digital ID. The server can be:

  • An on-premises server you manage yourself. Nutrient offers Document Engine. Most security standards require that you handle your digital ID safely via a hardware security module (HSM) or USB token.

  • A cloud service that performs the signing, without you having to manage the server yourself. Nutrient offers Managed Document Engine and Nutrient eSigning API for these use cases.

Adding timestamping and Long-Term Validation (LTV)

Finally, once you’ve decided you need a digital signing solution, you have the digital ID to sign documents, and you’ve decided on an architecture, you need to decide if you need additional features such as timestamping, which provides proof of when a document was signed, and Long-Term Validation (LTV), which ensures a signature remains valid over time, even if the signing certificate expires or is revoked. Nutrient supports these features as well, allowing you to claim PAdES compliance. This article explains more about the different levels of PAdES compliance.

Conclusion

This post detailed the process of designing and constructing a digital signing solution. It started with deciding whether to use digital certificates and how to obtain them, and then covered the different architectures and technologies that could be employed. Digital signing solutions involve complex collaboration between certification companies and document management and modification companies. The following flowchart summarizes the digital signing design process,

image

Nutrient has extensive experience in document management and editing, as well as integrating third-party digital certificates. Contact us and we’ll guide you in creating your own document signing solution.

Author
Daniel Martín Core Engineer

Daniel is part of the Core Team at Nutrient and has worked on multiple topics, ranging from cryptography and text systems, to file format support and JavaScript engines. Outside of work, he likes spending time with his family, football, reading books, and watching films.

Explore related topics

Digital Signatures Electronic Signatures
Related products

Document Engine

Product page Guides API docs

Share post
Free trial Ready to get started?
Free trial

Related articles

Explore more
DEVELOPMENTDigital SignaturesDevelopment

Cryptography standards for PDF digital signatures

PRODUCTSWebDigital Signatures

How to Integrate AWS CloudHSM to Sign Documents

BLOGPDFDigital SignaturesProductivity

PDF Advanced Electronic Signatures, and Why Your Business Needs Them