Trustworthiness
of the inSign signature
You have received an electronic document processed with inSign containing digital signatures? Please find here everything you need to know.
What is the legal binding force of the electronic signature?
Advanced electronic signature (AES) by name entry
An advanced electronic signature is made by typing the name on the keyboard. The document contains a stamp with the note "Signed by keyboard by ... on ...".
A detailed audit protocol and the confirmed email address/SMS number serve as proof.
A detailed audit protocol and the confirmed email address/SMS number serve as proof.
Advanced electronic signature (AES) by handwriting
An advanced electronic signature is placed with the finger or a suitable pen. It looks like a handwritten signature on paper.
In addition to the signature image, biometric data is recorded and attached to the PDF in encrypted form. By means of an expert opinion, the signature can be assigned to a person and thus proven valid.
In addition to the signature image, biometric data is recorded and attached to the PDF in encrypted form. By means of an expert opinion, the signature can be assigned to a person and thus proven valid.
Qualified electronic signature (QES) by certificate
The qualified electronic signature is created with a personal certificate and a PIN/TAN. After signing, the document contains a seal with the name of the trust service provider and the note "Signed by... on... at…".
An identity check takes place before the first signature. Thus, the signature is provable, as it can be mapped to the signatory.
An identity check takes place before the first signature. Thus, the signature is provable, as it can be mapped to the signatory.
All signature types are legally valid according to the eIDAS Regulation but differ in their provability.
Is inSign regularly tested and certified?
inSign meets all requirements of the GDPR, eIDAS and ZertES and is ISO 27001, ISAE 3402 & BitMi certified.
How do I recognize if my document has been tampered with?
As part of the electronic signature, inSign has applied a digital certificate with a checksum to the document. This certificate/checksum can be validated. Various online services or software programmes are available for this purpose. Many users like to open the document in Adobe Acrobat Reader, as validation is carried out directly.
Should the document have been subsequently altered, this will be labelled with a red x and with the following annotation: ‘This signature is invalid. The documents were altered or damaged after the signature was added.’ If the symbol is green, everything is okay.
Should the document have been subsequently altered, this will be labelled with a red x and with the following annotation: ‘This signature is invalid. The documents were altered or damaged after the signature was added.’ If the symbol is green, everything is okay.
How to recognize a genuine inSign document?
It depends how you open your PDF document.
Adobe Reader
Select under the menu item “View” – “Navigation Panes” – “Signatures”. Open your document in Adobe Reader. Click the signature field, then “Signature properties” followed by “Display signatory’s certificate”. The “Summary” tab should display any of the following certificates:
Adobe Reader
Select under the menu item “View” – “Navigation Panes” – “Signatures”. Open your document in Adobe Reader. Click the signature field, then “Signature properties” followed by “Display signatory’s certificate”. The “Summary” tab should display any of the following certificates:
Foxit Reader
If you use “Foxit Reader”, you can proceed in the same way as you would using Adobe. Click the signature field, then “Signature properties” followed by “View certificate”.
Browserviewer
Unfortunately, the Chrome, Firefox, Edge and Safari browser viewers cannot display any certificate information. Therefore, it cannot be verified if the document is a genuine inSign document.
Please note: All documents containing a certificate issued before 06/12/2019 will be marked with the status “UNKNOWN”. Most documents that contain a certificate issued after 12/06/2019 will be marked with the status “VALID”. The status depends on whether the certificate used is based on a ROOT certificate listed on the EUTL (European Trust List). The biometric data is stored in the PDF document correctly in both cases.
If you use “Foxit Reader”, you can proceed in the same way as you would using Adobe. Click the signature field, then “Signature properties” followed by “View certificate”.
Browserviewer
Unfortunately, the Chrome, Firefox, Edge and Safari browser viewers cannot display any certificate information. Therefore, it cannot be verified if the document is a genuine inSign document.
Please note: All documents containing a certificate issued before 06/12/2019 will be marked with the status “UNKNOWN”. Most documents that contain a certificate issued after 12/06/2019 will be marked with the status “VALID”. The status depends on whether the certificate used is based on a ROOT certificate listed on the EUTL (European Trust List). The biometric data is stored in the PDF document correctly in both cases.
The inSign verification tool can also be used to check documents for authenticity.
Why are certificates limited in time?
Qualified certificates are never valid indefinitely. It is possible for your certificate to stay valid beyond its expiration date. The most important thing is that the certificate was valid at the time of signing.
What are the advantages of digitally signed documents?
A document containing digital signatures will be existing in its original quality in years to come. Ink-on-paper signatures, however, fade over time. This makes it nearly impossible to provide evidential value by subsequent digitization of the signature, i. e. by scanning and destroying the original.
Specific questions on signature types
AES:
How can I find out which key was used to encrypt the biometric data?
Since December 2020, information and metadata about the creator of the key are stored in the PDF document. To retrieve this information, start by opening the document in Adobe Reader. Then click on a signature field and then on “Signature Properties”.
QES:
How to validate a qualified electronic signature?
There are various online validation services, e.g. one of them is being offered on the website of the European Commission:
https://ec.europa.eu/cefdigital/DSS/webapp-demo/validation
Our customers trust inSign Made in Germany
Would you like to use inSign for your day-to-day business?
Just give it a try, it is easy as pie.