by lbittner 1680 days ago
I work for a large PDF processing company (not Adobe) and true digital signatures are a bit more complex than that. Docusign actually uses our technology in their signing flow and it is a bit more complex than what you are describing.

A true digital signature ensures that the document is not altered after the document is signed. This is done by creating a hash of the document, encrypting it using a private key provided by a signing authority, and embedding that in a certificate that is then attached to the document.

When opening the signed document (in Adobe Reader for example), the hash in the certificate is validated using a public key provided by the signing authority. If the document hash matches the certificate hash, then the document has not been altered!

2 comments

That process has value when Party A and B each signed with their respective digital signature.

However, what happens with these signing websites is that WhateverSign signs the document with their own certificate - but makes no effort to verify that the person that signed the contract is truly who he says he is. So nothing stops me producing a Docusign contract with your name on it.
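
The flow discussed in the two comments above, as an added example that is not part of the thread or any vendor's code. It assumes textbook RSA over publicly known Mersenne primes (a toy, unpadded and not secure); the platform key, function names, signer names and contract text are all constructed. It shows verification catching an altered document while passing for whatever signer name was typed in.

```python
import hashlib

# Constructed toy key for a hypothetical signing platform. Both primes are
# public Mersenne primes, so this key protects nothing; illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def digest(document: bytes) -> int:
    """SHA-256 of the document as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def platform_sign(document: bytes) -> int:
    """Hash the document and sign the hash with the platform's private key."""
    return pow(digest(document), D, N)

def verify(document: bytes, signature: int) -> bool:
    """Recover the signed hash with the public key and compare it to a fresh hash."""
    return pow(signature, E, N) == digest(document)

def make_contract(claimed_signer: str, body: str) -> bytes:
    # The signer name is plain text inside the document; no key is bound to it.
    return f"Signed by: {claimed_signer}\n{body}".encode()

def demo() -> dict:
    genuine = make_contract("Alice Example", "Pay 100 to Bob.")
    sig = platform_sign(genuine)
    # Any change after signing alters the hash, so verification fails.
    tampered = genuine.replace(b"100", b"900")
    # Same platform key, different typed-in name: the signature is still valid,
    # because it attests to the bytes and the platform, not to the person.
    other_name = make_contract("Someone Else", "Pay 100 to Bob.")
    other_sig = platform_sign(other_name)
    return {
        "genuine": verify(genuine, sig),
        "tampered": verify(tampered, sig),
        "unverified_name": verify(other_name, other_sig),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:16} signature valid: {ok}")
```

A verifier that needs to know who signed has to check which certificate produced the signature and how that certificate's subject was vetted, not just that the hash matches.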

Isn't this the normal meaning of digital signature in computer circles? Where signature normally refers to cryptographic signing with a private key rather than with a squiggle on paper.